Julien Goodwin

Raspberry Pi debian notes

Fri, 27 Apr 2012 14:21:48 GMT

So one of the guys at our office somehow ended up with two Raspberry Pi's from the first batch, as one was enough for him to play with he offered the other one up, and I turned out to be the only person in the office who wasn't so lazy as to not walk over to the other building where he was to borrow for the weekend.

Here's a bunch of useful things that you probably want to do with the default Debian installation to make it more usable.

First, please don't give the foundation guys flack for any of these issues, a decent distro is hard, and I've paid hundreds of times more then this and gotten a horrific hack-job of (usually) debian (often with a kernel already years out of date, istead of one from this year). This really isn't too bad for a first go.

Security

If you're using the pi on a network, or in a public place there are a few things to consider, it's actually pretty good compared to most embedded images I've seen.

Regenerate SSH keys

The pi already has SSH keys on the image, this is a security issue as it makes you a very easy target for MITM attacks.
As root run:

rm /etc/ssh/ssh_host_*key
dpkg-reconfigure openssh-server

Note this enables SSH server on boot, so disable it if you want, see the note below about NFS, just use "ssh" as the service. If you've used SSH before this you'll need to delete your existing entry on your client before SSH will let you connect due to the new keys.

Consider disabling NFS client (the sole open services by default)

Other then the ports being open this has no security implication, but it does save a lot of boot time.

update-rc.d portmap disable
update-rc.d nfs-common disable

Delete the pi user

Or at least change its password. If you create another admin user consider removing pi from sudoers.

Minor bits

"root" has an invalid password (same as Mac OS, Ubuntu, etc.). The users "tli" and "pnd" exist in /etc/shadow with passwords (but not /etc/passwd). The user "suse" also has full root by sudo, but doesn't exist.

Keyboard layout

Most of us don't use UK keyboards, you can switch to your local layout by running "dpkg-reconfigure keyboard-configuration". you may want at least a qwerty (if not UK English) layout keyboard for this step, will be hard without one.

Time zone

I think the concept of a "British Summer" is an oxymoron so I want to change the timezone to something more relevant to me.

You can do that by running "dpkg-reconfigure tzset" (again, sudo for root if needed)

Console Blanking

If you're using a pi as a server you might want to disable console blanking so if you connect a monitor you don't need to hit a key to wake it up (which you might not be able to do if you've somehow crashed it).

To do this edit /etc/kbd/config and change BLANK_TIME to 0>.

Debian Mirror

You may wish to change to a local debian mirror by editing /etc/apt/sources.list and changing "uk" to the appropriate two letter code (debian mirror list), then as with all apt based systems, "apt-get update" to find new packages, apt-get dist-upgrade to upgrade to them (you should be careful what you install unless you've expanded the filesystem as there's not much free space).

I'd actually suggest the following as a good base debian apt set, these include security updates:

# Main, the core of debian
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

# Security updates
deb http://security.debian.org/ squeeze/updates main contrib non-free
#deb-src http://security.debian.org/ squeeze/updates main contrib non-free

# Other important updates before point releases
deb http://ftp.us.debian.org/debian/ squeeze-updates main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze-updates main contrib non-free

The commented out lines are for source packages, unless you plan to do debian package development on the board itself they're not worth it

Swap

You can (but probably shouldn't unless you like killing SD cards) enable swap by uncommenting the swap line in /etc/fstab and rebooting or running "swapon -a"

Expanding the filesystem to use all (or just more) of your SD card

WARNING This is only applicable to the 19/April/2012 Debian build, it's very easy to destroy data by doing this wrong.

I installed on an 8GB card (as it was all I had lying about) and wanted to use all the space available. If you're going to expand the filesystem I'd suggest doing it straight away so you won't feel bad if you stuff up and destroy the OS on the card.

All of this procedure needs to be run as root.

First, change the partition size:

fdisk /dev/mmcblk0

Inside fdisk use these commands:

Type "p" and press enter, note the "Start" number of p2 (in this image, 1233)
Delete the swap partition with "d" then "3"
Delete the root partition with "d" then "2"

n

2

1233

Verify things look ok by printing the table again ("p")
If they're all good use "w" to finish.

Now reboot

Once the system is back to finish expansion run:

resize2fs /dev/root

(This took several minutes on my 8GB card)

You can verify the result with "df -h"

Lab equipment: Juniper

Tue, 14 Feb 2012 10:58:12 GMT

I'm getting back in networking certifications again as several of my various certifications come due for renewal over the year.

First up are the Juniper certs, and of those, the Enterprise track, so here's my view on what lab equipment is most helpful for each track.

Enterprise

2+ EX4200 - The 4200 is the best model to have in the lab as although stacking isn't on the exam various side-effects of it are, and only the EX and M/MX/T lines implement it.

2+ SRX/J - For IS-IS, BGP, IPv6 and other items that require a licence on the EX line a pair of SRX or J's may be the easier way to go.

Security

3+ SRX/J - If you have infinite money the ideal would be a pair of SRX240's and a pair of SRX1400's to cover both major hardware lines, but anything from SRX210 up should be fine (the SRX100 will work for most things, but is not enough for some tasks).

Service Provider

1 MX with ~20 ports (in practice a 240 or an 80 are all that make sense, all ethernet is fine)

An M series (5/7i/10(i) most likely) with SONET and ATM pics is useful as well to round out knowledge. A SONET MIC on the MX would suffice if you really need it.

Through the P level several SRX (210-650) or J series are sufficient.

Also useful are ~3 additional Ethernet switches for Spanning Tree labs, a few CPE type devices, and a server to run Radius on (and serve OS images)

What I enjoyed at linux.conf.au 2012

Tue, 14 Feb 2012 09:53:41 GMT

This year, for the first time I can recall, I went to LCA paid for by my employer, that meant writing up a trip report when I got back, and, since others might enjoy it, here it is.

I'm not going to cover everything I saw, just the highlights (which does
happen to be most of the talks I saw).

"Lazy Security in a Large Gateway - Mark Suter" (Unisys, Sysadmin miniconf)
http://youtu.be/JIQa1Avn_bY

Mark said many good things, amongst which are these two:
"When the model doesn't reflect reality and you blame reality, you stop
doing science and start doing economics"
"if you have a policy that doesn't allow exceptions you have a broken
policy"

Keynote by Bruce Perens
http://youtu.be/Uoum-DHO7S8

If you're interested in open hardware the latter part of Bruce's talk
covers some projects you might find interesting, otherwise skip it as
the first part is badly presented and largely a compliance rant.

Jon Corbet's (of lwn.net) Kernel Report
http://youtu.be/elRCAD3sPEk

Every year Jon gives a state of the kernel, there's some neat stuff
happening, including in the networking space.

His talk later in the week "Challenges for the Linux plumbing community"
is also worth a watch.
http://youtu.be/dNXggr8ycNE

"EFI and Linux: the future is here, and it's awful" Matt Garrett (Red Hat)
http://youtu.be/V2aq5M3Q76U
http://youtu.be/IfKF7mEY5Dc (repeat)

If you've never seen Matt speak, it's a treat. In this talk he descibes
how EFI works.

There were two talks on Tuesday afternoon largely covering change
management.

"Mistakes were made" by Selena Deckelmann
Analyse failure more then success, but remember to analyze success,
there's always things that can be done better.

"Moving Day: Migrating Big Data from A to B" by Laura Thomson
Much of the same, worth watching more for the parts on negotiating
change times.

"IPv6 Dynamic Reverse Mapping - the magic, misery and mayhem" by Robert
Mibus (Internode)
http://youtu.be/JsAUXuL6IrY

The talk covered Internode's solution to generating valid reverse DNS
for their customers with query-time live generation and a custom
python-based DNS server.

(Chatted with him later, he had a glue TTL related bug in his design,
also was able to assist with some local IPv6 contacts)

"Multi-tenancy, multi-master, Sharding, scaling and analytics with
Drizzle" by Stewart Smith
http://youtu.be/3-t7KRAIwwA

Stewart is one of those people who it's always worth hearing what they
have to say, he's worked on XFS for a few years, then MySQL/drizzle for
at least the last six.

One neat feature of drizzle (the better scaling, less crufty MySQL fork)
is that their extension API is simply (the open source release of)
protobufs.

Keynote - Paul Fenwick
http://youtu.be/KV1iUmDVsM4

On hacking brains, some very neat stuff about cognative biases.

Next up was a double header on filesystems, Avi Miller from Oracle on
btrfs, then Dave Chinner from Red Hat on XFS

http://youtu.be/hxWuaozpe2I (btrfs)
http://youtu.be/FegjLbCnoBw (xfs)

These are good on their own just for the information, but are excellent
when watched in order just to see the serve Dave sends Avi's way.

(the short version is you should use XFS for everything, it's awesome)

Also neat tool "seekwatcher" which can be used to visualise disk load:
http://oss.oracle.com/~mason/seekwatcher/

"Mentoring: We're Doing It Wrong" by Leslie Hawthorn
http://youtu.be/ydS4vXNzN0I

Leslie, for those who don't know is an Xoogler from the Open Source
office, and is responsible for the LCA 2007 party, whilst compiling
this I did find several photos of me at that party:
http://✎.net/wp-content/uploads/2007/01/linux-ninja.jpeg

"Helping your audience learn" by Jacinta Richardson
http://youtu.be/S7-tP_olziM

For anyone writing training sessions, long or short, *watch this*.

On Thursday afternoon there were several talks on Android accessory
development, worth watching if you think you might be interested.

"Desktop Home Hacks" by Allison Randal
http://youtu.be/a8asl5SsGy4
(Not actually android related, but fits with the bunch)

"World domination and party tricks with the Android Open ADK" by
Jonathan Oxer
http://youtu.be/cixG5-jPjQw

Jon's awesome, and not only injected himself with an RFID tag several
years ago, but took photos for his blog.
http://grinding.be/2008/03/07/exploring-rfid-implants/

"Android Accessories Made Easy With Arduino" by Philip Lindsay
http://youtu.be/4yBkSwP9x7s

This talk covered "handbag" an android app that allows you to write UI
in Arduino instead of Eclipse. Very neat (although doesn't work on ICS yet)

"Hack everything: re-purposing everyday devices" by Matt Evans
http://youtu.be/VY9SBPo1Oy8

Some interesting thoughts on reverse engineering, and reusing old
consumer electronics.

"What is in a tiny Linux installation" by Malcolm Tredinnick
http://youtu.be/4UU0Dd4dQ1I

Malcolm covered the kernel and low-level userspace components of a tiny
embedded linux build, worth watching if you ever want to build / hack
such devices.

"Bloat: How and Why UNIX Grew Up (and Out)" by Rusty Russell and Matt Evans
http://youtu.be/Nbv9L-WIu0s

This talk looked back over forty years of unix and showed where how
cat/grep/ls/etc. went from several kilobytes into several hundred kilobytes.

"Rescuing Joe" by Andrew Tridgell
http://youtu.be/ML__e_ZcWiQ

Tridge (of Samba, rsync fame) gave a talk on the UAV project he's
involved with that has a goal of a plane autonomously locating a lost
hiker and sending them an aid package, from takeoff to landing with no
human intervention.

"Codec 2 - Open Source Speech Coding at 2400 bit/s and Below" by David Rowe
http://youtu.be/KsywWf8dQgU
http://youtu.be/7y6CHpMauHw (repeat)
(I saw the repeat as I missed it first time around)

This is a speech codec designed mainly for use over modems and ham
bands. The codec 56 bytes per 40ms *impressive*. Interesting fact,
speech codecs of such low data rates are classed as munitions

The "Qantas Feedback Panel"

Thu, 05 Jan 2012 14:39:08 GMT

I was invited by Qantas to join their feedback panel, and despite recent service being fairly unimpressive (Given that I flew one one of the very last flights before the grounding, and two the day the took to the air again that's not surprising) I decided to give it a try.

After my flight to Melbourne for Christmas I got a link to a survey, in it they asked a few questions about service on the ground and in the air. However instead of using text boxes they decided that a 1-10 value was sufficient.

They also rate limit the survey to (based on a forum posting somewhere) not more often then once every 10 days. This means that after my flight back to Sydney, in which many more things went wrong, and right, then normal there was no way to let them know through this channel.

I think both of these are wrong, if I was doing it I would ask five questions (based on their existing questions):

What, if anything, impressed you with your experience when booking, and on the ground?
What, if anything, disappointed you with your experience when booking, and on the ground?
What, if anything, impressed you with your experience in the air?
What, if anything, disappointed you with your experience in the air?
Any other feedback about this flight?

And in addition to mailing (do it as one mail for all flights at the end of a round trip if it's for a week or less) make the link available as a "give feedback on a recent flight" link for all Frequent Flyers. Perhaps give some nominal bonus (miles/status credits) to people who give feedback that Qantas are able to take action on.

Yes using free text requires more time to review, but it's needed if they really want feedback. Even one person should easily be able to handle 100 requests that need to be examined and passed on for action, or many times that for ones that say nothing specific (or simple things like "the baggage service in SYD is very slow") per day.

The obliagatory 30000' post

Sat, 03 Dec 2011 23:18:49 GMT

I'm on a plane cruising over the pacific ocean, so it must be time for another instalment of "Julien writes a blog post about a Cory Doctorow book while sitting in (premium) economy on-board a Qantas jet flying to/from the US".

First of all, the Qantas A380.

It's an interesting aircraft, unlike the 747 it lacks that massive sense of power on a fully loaded take-off roll. Overall it's a nice plane, but I still hold a torch for the 747. It is quieter which is nice as I somehow lost my custom earplugs. Premium economy is about the same as in the 747, except it's upstairs which ads to the privacy (despite requesting upgrades to business on both outbound and return I failed to win the upgrade lottery although I did luck out with an empty seat next to me on the way out). The bathrooms seem smaller then on the 747, although given that it's over two years since I've flown on one of those that could just be wishful thinking. The entertainment system seems like a small, but nice, improvement over the 747. One thing that makes me very sad however is that Qantas (or possibly one of the aviation regulators that they're beholden to) felt the need to keep lit "no smoking" signs, which doesn't help people like me sleep with all those extra points of fairly bright light. However for some strange reason the in-seat power doesn't seem to work for my thinkpad (tried multiple chargers both 60w and 90w, one of them [the 90w] nearly brand new, with both Australian an US plugs), fortunately this one still gets over five hours of battery life even though it's coming up on 18 months old with the original battery. (Update: of course when the flight attendant tried it worked fine, go figure), of course then the plane decided we're on a landing trek and turned all the lights on and killed seat power which took a few minutes to resolve.

It's a real shame that Qantas don't offer the SYD-SFO service any more, evidenced solely by the number of people connecting from bay-area flights there's still demand for it, and Qantas did state it was a profitable route, I hope when more A380's come that they'll reintroduce it as a 747 route.

I also feel obligated to give a shout out to the cute PM from Oracle with whom I had a nice chat in LAX while waiting to board (another Aussie working in the valley).

As I've been in the states for a few weeks I've done a bunch of shopping, picking up a few things that are unavailable, or just too expensive in Australia.

The item longest on my list was a Unicomp keyboard, particularly the version with the inbuilt trackpoint (or whatever female body part you prefer to call them). It's so nice to have a solid keyboard again, and I'll certainly enjoy having a good keyboard to work off, Google offers a decent variety of keyboards for their staff, but none were ones I was particularly happy with.

Next comes a slightly odder one, Pelican, well known for making hard cases came out a year or so ago with their "1510 LOC" which is a 1510 case (supposedly the maximum dimensions for a carry-on bag, not that anyone respects that) but with inserts that make it into a small overnight case, with a neoprene laptop sleeve in the lid, it's a very nice combination, and (hopefully) somewhere below me is mine carrying many of my newly acquired gadgets.

In terms of new gadgets I picked up the two newest form of Amazon's Kindle, neither available outside the US, the Touch and the Fire. I've never owned an e-Reader of any sort before so these are new to me. My general view is that the fire, for anyone outside the US is a waste of money (unless you want a 7" tablet for custom apps, which was my plan). The touch on the other hand is a much nicer device, only let down by its lack of physical page-turn buttons, and well worth the US$100 price. (For more of my view on the fire see the Delimiter review and my comments on it)

I picked up a FitBit Ultra for a friend and decided to try one myself, not a bad little unit, but once I've got my typical daily stats I suspect the novelty will wear off and I'll not bother with them, the sleep tracking I gave up on after less than half a night due to the uncomfortable wrist band.

The rest of my purchases were fairly minimal, a couple of random bits from a Frys trip and other odd pieces from the Amazon order.

As mentioned I was in the states for a few weeks, only a few days short of a whole month. My trip started with a big off-site for all of NetOps (and associated groups) down in San Diego, of which many of us from Sydney missed much of due to the need to cover our Sydney shifts combined with an unexpected critical update we had to roll out across many of our devices. I will say that even the basement of a five star hotel is a nice place, and ordering many hundreds of dollars of room service on the company is oddly fun.

Given the number of (staff) visitors Google has in Mountain View they've bought up a bunch of corporate apartments which was my home for this trip, combined with the Google shuttle bus' for commuting, and that I ate breakfast, lunch, and dinner at the office nearly every day (notable exceptions were the days around Thanksgiving when much of the campus shut down) during the week this allowed me to have eyes only for the company. But even with this I don't think I'd actually move there, this trip reinforced for me that outside a few major cities it's close to impossible to live in the states without having a car, and an inability to get to all sorts of places would get to me very quickly. It is annoying however that the en-suite bathroom in my corporate apartment was at least twice the size of the bathroom in my apartment in Sydney.

All this has been a nice distraction from actually writing about Cory's book "With a little help". This is a short story compilation so it's hard to actually give a good review of the content given its varied nature. The story on what Google could be like if we/they actually tried to be evil was scary, not least because I started thinking about the interesting technical challenges that would be involved, only to see Cory's note at the end suggesting that interest in the challenges as one plausible way that Google might head down that slope. One thing that I can comment on however was the physical aspect, I bought the hardbound version and am actually somewhat disappointed with it as a *book*, it's beautiful, but not quite as good as a typical machine binding, also the paper is a little too thick to be a nice read, but does give it some gravitas as a trinket.

JunOS apply-groups

Tue, 22 Nov 2011 08:44:12 GMT

Ivan Pepelnjak has recently been playing with JunOS, and was wondering how people configure various things.

Here's how to use Juniper's built-in groups feature to make configuring backbone interfaces in an IS-IS+MPLS environment trivial (and I've thrown in IPv6 for free). This is not a complete config (notably IS-IS I've left out as I'm too tired to write that as well).

One other trick I've included is using groups to set your own defaults, in this case the frame scrambler for SONET links.

groups {
	BACKBONE {
		interfaces {
			<*> {
				mtu 2000;
				unit 0 {
					family iso;
					family inet6;
					family mpls;
				}
			}
		}
	}
	SONET-DEFAULTS {
		interfaces {
			<so-*> {
				sonet-options {
					fcs 32;
				}
			}
		}
	}
}
interfaces {
	apply-groups SONET-DEFAULTS;
	ge-0/0/0 {
		apply-groups BACKBONE;
		unit 0 {
			description "A Backbone link";
			family inet {
				address 10.1.2.3/26;
			}
		}
	}
	so-0/1/0 {
		apply-groups BACKBONE;
		unit 0 {
			description "Another backbone link";
			family inet {
				address 10.2.3.6/28;
			}
		}
	}
			
}
protocols {
	rsvp {
		interface all;
		interface fxp0 {
			disable;
		}
	}
	mpls {
		interface all;
		interface fxp0 {
			disable;
		}
	}
}

An efficient, yet high performance, PC

Mon, 21 Nov 2011 07:09:16 GMT

A thread currently ongoing on the LUV list about RAM and swap had me thinking about how to create a desktop system capable of high performance that idles with low power usage.

The way I think that would actually work is to split a system in two. First, a main system containing:

A dual-core 64-bit ARM CPU (the 64-bit ARM is now standard, but will take a while to make it to mass production)

A few SATA ports, at least two 6Gb

A basic 3D GPU, a laptop-level NVIDIA or AMD chip is probably right here, needs to be capable of driving four simultaneous displays and/or two 30" monitors

A *good* 1Gb ethernet NIC, capable of sustaining wire-speed transfers

Capable of taking 16GB of RAM, normally 4GB or 8GB for this sort of system

This should easily be doable in less then 30 watts, and, for most operations would not be obviously different from a larger system.

Next, sitting off across a PCIe link (at least 10Gb/sec, so x4 if Gen1), a simple, yet high performance system with a "single-board" system, containing:

A high end Intel (eg. Core i7 39xx) or AMD (Bulldozer) cpu

As much RAM as they can take, could be 32GB or more

BIOS would be LinuxBios to allow fast booting and shutdown

And that's it, all IO would be via the PCIe bus back to the main ARM system. A simple job scheduler on the ARM side could then allow jobs needing high performance to spin up the big system, and after all jobs complete and the big system goes idle, shut it down again.

I have a hefty Intel system (Core i7, 12GB RAM) on my desk at Google, and, for some network simulation jobs this can max-out my system for a few minutes, but the other 99% of the day a much smaller system would be more then enough.

Gnome3

Mon, 21 Nov 2011 06:42:54 GMT

Last weekend Debian Testing got Gnome3, and because I was bored waiting for my shift to start (pretty much all of Google NetOps Sydney was in Mountain View for the week so we had to cover Sydney hours from Mountain View, that means 5pm - 1am shifts, not *quite* as bad as you'd think) I decided to upgrade. Apart from my laptop's SSD going read-only in the middle and breaking X the upgrade went fine.

Unfortunately the default Gnome3 interface is simply unusable, I tried for a few minutes to open my normal programs and just failed.

The fallback interface on the other hand is close enough to Gnome2 that after a few hours of tweaking (very little of my settings stayed), and with the aid of the un-official Tweak Tool I've been able to get a session I'm fairly happy with.

Things I still don't like though are:

Having to alt-right click on panels to get to the settings

A bunch of settings were lost on the upgrade from gnome2

The new "Cantrell" font is barely distinct when bold, this makes many things that rely on bold to distinguish states unusable (eg, Thunderbird), otherwise I actually like the font, and was disappointed to switch back to Bitstream Vera

No dark GTK theme, this is fixed in 3.2, but that's not yet available in Debian (although the theme package is in experimental it's uninstallable due to broken depedency chains)

Lack of support for classic screen savers. I love the unicode screen saver, but only "blank screen" is offered, and badly implemented at that

The inability to disable evolution and telepathy. I don't use either, and particularly evolution likes to do stupid things to my session. (I also don't like the update notifier, but that's minor)

Also need to find a way to disable gphoto2 stealing my iPhone when it's plugged in, it should *always* go to VMware

"The Limoncelli Test"

Tue, 08 Nov 2011 04:12:14 GMT

Tom Limoncelli (of "Time Managment for Systems Administrators" fame) recently posted The Limoncelli Test: 32 Questions for Your Sysadmin Team, it's a great start, but I have a few things I'd add (and his comment form is broken).

Can the loss of any single team member (eg, "hit by a bus") be handled with no operational impact (ie, projects may be delayed, but no services expected to fail).

Think of SPOF's as per-service not per-system

Are internal requests also in the ticket system, if only external stuff is in it you're not tracking a large amount of work

Do you only have *one* ticket system for everything? Most of the better systems (eg, Atlassian JIRA) can do complex workflows reducing the need for separate systems

Do you keep a repository of the install media for all currently deployed systems. This includes things like firmware upgrades, OS images, etc. Not just the latest version, but of *all* currently deployed versions.

Do your laptops have fully-encrypted drives to prevent release of private data. On recent hardware there's *no* performance hit for this with spinning disks, and minimal with SSD's, and it solves so many problems. Having a policy that no such data gets on laptops may help, but isn't enough.

Does your configuration system keep it's config in an RCS. Just having central config isn't enough, it needs to be revision control so you can roll back, and have history to know when something changed.

For core networks and other critical systems N+2 might be needed, if failure during a maintenance would immediatly cause serious issues (DNS is a prime example in many cases). You may also need to consider having one system use different software to prevent something like a BIND exploit take out everything.

Don't do the popular thing ("Cargo Cult Systems Administration"). Google does things that make sense for *LARGE* clusters, not a single-server site, many of the hip new programming things might not be deployable at needed scale (either down or up, programming techniques have a scale band). Virtualisation makes little to no sense for clusters (depends on the app).

Thoughts on Juniper's new switch introductions

Sun, 02 Oct 2011 15:24:02 GMT

So Juniper have released new switches, what's my view?

Lets go from small to large.

That means starting off with the EX2200-C, a 14-port Gig-e switch, with the last two ports being copper / SFP combo. Fanless and with an optional 100W of PoE this promises to be a wonderful access switch, with its only real disappointment being the lack of a model with 10g uplinks, most likely not done to avoid cannibalizing sales of the higher end when used as 10g fanout switches (at this point the cost of the chips would be minimal, although overall integration might still have increased the cost too much). It even does "enterprise" routing (ie, OSPF & RIP, but no IS-IS or BGP, no dynamic routing of IPv6 either). This would be a wonderful replacement to the switch running my home network in Melbourne (a generic Chinese brand 12-port PoE switch), and if the price (and shipping time) is right I may well put one in there. If the price is exceptional I might even grab one for my place in Sydney, not that I currently use any copper ports at all here.

Next up the chain is the EX3300 series, essentially a simple upgrade of the EX3200, just with four 1/10g combo SFP+ uplinks. The hardware looks wonderful, but the software is the problem here with it using the EX2200 line, not the EX3200/4200 line, so again no v6 dynamic routing or BGP. Also at only 8k routes and 4k ARP entries this is a shrink from the 3200. So if you only need L2 this could be great, but buying an L3 switch that can't do IPv6 (in a useful way) in 2011 is beyond stupid, no matter how much you might not care about IPv6 today. The real curve ball here is integrating Juniper's VC stacking, albeit in the slower version using 10g ports and limited to six switches at maximum. I'm not so sure how useful this is once the software limitations start hitting. The real test will be if Juniper allow these to be used as Qfabric management switches.

Finally, there's the switch that makes no sense to me, the EX6200, which seems to simply be a cheaper build EX8208 with PoE support. It *is* more then that, really targeted as a Cisco Catalyst 4500 replacement. Again the lack of 10g is strange, with only the fabric / control modules having any. There isn't even a 4x 10g line card (at least for now), or any line cards other then 48-port gig-e. Again this is aimed at "enterprise" (and access at that) with similar shrunk limits from the original EX line. Even the software is still neutered, with BGP, IS-IS and IPv6 simply listed as "roadmap" features, making this useless for many.

So in short one nice compact access switch, one nice 1ru switch let down by software, and one chassis switch let down by lack of 10g and software.

Juniper Qfabic, what's missing?

Sat, 17 Sep 2011 13:49:39 GMT

Juniper have finally released Qfabric, and although it's only day one there's a few things that, for me, are missing before this becomes a really nice solution.

Given that my job allows me to not care about datacenter networks these days this is a somewhat academic exercise, but I still think about them.

1. Common XRE - Juniper now has several external routing engines, the QFX3100 (for Qfabric), the XRE200 (for EX8200), the JCS1200 (For T-series and TX-Matrix plus this one is an IBM blade chassis). As they are all so similar why not make them one SKU with multiple software loads (ideally including a BGP route reflector, something Juniper operators are crying out for, but the only official option, the JCS1200 is too physically large and expensive for)

2. Single-box management plane switch. Build a big box with just the needed gig-e ports and a single pair of power supplies, even if it's just four EX4200's internally it would make things neater.

3. MX/SRX5k interface module. Make a four-port 40g module for the MX and SRX5k that directly uplinks into Qfabric, even if it's really most of a Qfabric node from the Qfabric side, and some weird aggregate interface from the MX/SRX side. This would allow external connectivity and security to live closer to the fabric. A node module that's four 40g up to the fabric and four 40/4x10 combo ports would also work, although may not be worth producing

4. Offer a fibre control plane option. Currently the management network is copper only which limits the furthest rack to 100M (by copper run) from the fabric interconnect (assuming the management switches are nearby the fabric interconnect). Going to multimode switches the limitation to 150M on OM4 due to 40g limits. If you were able to use single mode for both this would essentially eliminate cable distance as an issue. The real win here is the elimination of bulky copper runs, which also eliminates cross-rack copper, something important to avoid for some situations

5. A 4RU(ish) interconnect, to support ~32 nodes. This would be enough for plenty of situations, and allow a fully redundant setup in less then half a rack (for control switches, directors, and interconnects). Building anything smaller is probably not worth it. (Juniper has stated that "smaller" interconnects are coming, but no solid sizes have been announced). These days that would buy at least 32 racks (redundantly connected) of blade chassis, which, once they're running hypervisors is a huge amount of capacity (and power for that matter) that would suffice for many situations.

Ultimate optical platform for metro/regional core transport

Sat, 10 Sep 2011 17:10:06 GMT

So I now work at Google, one of the largest global data networks. Among other things this has meant I've quickly had to learn a lot about optical (DWDM) systems in the real world. Between the various ones we, and carriers we work with deploy I've had to learn the basics of a bunch of optical systems and see one big thing they're all ignoring.

Photonic switching (the high density kind, 40x40 and larger). Essentially a DLP chip (think projectors) used as a light-router. Combined with already existing, but largely unused things like commodity tunable optic modules to allow existing routers to speak DWDM wavelengths natively.

Once combined with the giant MPLS switches about to hit the market (at least Juniper's PTX), or MPLS capable large routers (Juniper T series, Cisco CRS, Brocade NetIron) the need for very high number of individual links starts to become a real pain when having to manage even just the cabling.

Before I spell out this idea, just a little disclaimer, I know of no (announced) commercial system that is similar to this, nor am I aware of any proposed similar system being pitched to my employer or other location where I could be expected to be aware of it. This is also not some secret Google internal project (well, that I'm aware of). A quick search shows one related research attempt, but nothing really close.

The holy grail for optical transport in IP/MPLS networks is a fully optical DWDM system, leaving all the intelligence in the routers (or a centralised control plane), while removing the need to manage the bandwidths of a line system (transceivers, multiplexers, etc.). It also allows pre-cabling everything at initial installation letting wavelenghts be brought up as needed remotely. If the router optics are tunable this even allows shifting channels with only a few seconds outage for the re-tune.

As tunable optics, filters, and photonic switches have now been in the market for several years the core components for this are ready, they just need to be combined.

The flow of my 1 degree terminal system is:

Inbound

(Optional preamp with tunable filter for long haul)

Trunk Fibre in

Monitor split (50% pass)

Management channel drop

40/80/160 channel demux

Photonic switch

Patch port

Fibre out to coloured / tunable optic on router

Outbound

Fibre in from coloured / tunable optic

Patch port

Tunable filter and attenuator (Band protection, power matching)

Photonic switch (for a 1-degree site this really just buys loopback)

Optical mixer (potentially inside the photonic switch)

Power amp (Likely RAMAN/EFDA combination)

Management channel merge

Monitor split (99% pass)

The multi (3+) degree wavelength router:

N inbound trunks & demux, same as 1-degree up to photonic switch

N outbound trunks same as 1-degree from filter, skip switch

M wavelength conversion transponders. These would be electronic (two tunable XFP / SFP+'s in a trivial media convertor design) but only in line when conversion actually needed. If and when pure optical wavelength conversion breaks out of the lab these could be used instead.

The photonic switch in this case needs to be much larger in this case, 200 inputs probably being the minimum to handle the expected transit plus transponder traffic.

Extra bits:

Use some spare ports on the photonic switch to allow (remotely triggered) hard loops on the line system to aid link troubleshooting

The management port is just one locked wave (possibly 1300nm) running ethernet

If there was any way to usably have an ODTR permanently hooked to the trunk TX/RX fibres (not permanently running, but automatic on failure of management channel) that would be ideal

The trunk side of things could simply be a JDSU "AON Super Transport Blade" with the WSS removed

The Glimmerglass photonic switches are the obvious candidates for switches, although they only go to 192x192 with simple design a CLOS tree should allow expansion to N-degree M-wavelength systems

If used as a metro system this could even not need the amps or attenuators, making this a purely passive system, yet fully switchable. IF you trusted the optics enough (or just accepted the occasional interference) you could drop the filters as well, reducing this to an off the shelf optimux going into an off the shelf photonic switch (although the cabling load would kill it if you tried to build it like that).

In theory a 40 wave, 1 degree terminal built against this should easily fit in 6RU or less, and cost much less then the active systems of today (albeit more then the fixed passives of today). A 4 degree interconnect should fit in 8-10RU plus any space needed for wavelength converting transponders.

Moving to Sydney

Tue, 31 May 2011 10:15:59 GMT

On July 4th I start my next great challenge as I start a new operations job in Sydney at Google (office is in Pyrmont next to the casino for those who may not know).

More then just leaving my job of just over three years at Editure (MyInternet / SchoolsNet for the Melbourne old-guard) it means leaving Melbourne entirely, something both exciting and quite scary.

In the past I've not been a fan of Sydney, but a few needed trips over the past year have gotten me over that and I've come to appreciate Sydney as a different but interesting city; I doubt I'll ever love it as I do Melbourne but I think I can enjoy living there.

Possibly the best part of this move is the opportunity to live in a more sane location and rid myself of much of my current 3 hour (~90 minutes each way) commute. I'm hoping to eventually rent a place in (probably) Glebe and walk or bike to work. Unfortunately the experiences of a former coworker show that it's not practical to rent in Sydney without being physically present so I still need to find a solution for the first few weeks (any pointers greatly appreciated). Not being a driver either means that setting up a place will be "interesting".

It will also be great to get to know a bunch of people that I only ever meet at the yearly linux.conf.au, OSDC, and SAGE-AU conferences, starting, most certainly with the SLUG crew. If you're a Sydney-type I'd love to know what else goes on that I should know about.

New Years Eve Video's

Tue, 11 Jan 2011 07:37:02 GMT

Two video's I made on New Years Eve.

First, the state of my networking lab:

Second, here's my main home reference rolling over to the new year, as well as some other quick clock info.

If you're interested in learning more about timing my OSDC 2010 presentation on the topic is available at blip.

JunOS version comparuson

Thu, 18 Nov 2010 10:59:17 GMT

Recently I've been cleaning up my OS image collections of my Cisco and Juniper kit. Doing version comparison in IOS is a right pain in the a@#, but JunOS is fairly simple, albeit beyond the built-in sorting capabilities of most languages. So here's a simple PHP function, suitable for the usort family of functions that sorts by release version.


<?php

function compare_junos_versions($v1, $v2) {
    // Quoth the manual:
    // The comparison function must return an integer less than, equal to,
    // or greater than zero if the first argument is considered to be 
    // respectively less than, equal to, or greater than the second.
    $regex = '/([1-9]?[0-9])\.([0-9])([RS])([0-9]+)\.([0-9]+)/';

    preg_match($regex, $v1, $c1);
    preg_match($regex, $v2, $c2);

    // Major
    if ($c1[1] > $c2[1]) return 1;
    if ($c1[1] < $c2[1]) return -1;

    // Minor
    if ($c1[2] > $c2[2]) return 1;
    if ($c1[2] < $c2[2]) return -1;

    // Release / Service
    if ( ! ($c1[3] == $c2[3])) { // By far the common case is both are release
        if ($c1[3] == 'S') return 1;
        if ($c2[3] == 'S') return -1;
    }

    // Revision
    if ($c1[4] > $c2[4]) return 1;
    if ($c1[4] < $c2[4]) return -1;

    // Build
    if ($c1[5] > $c2[5]) return 1;
    if ($c1[5] < $c2[5]) return -1;

    // And I guess they're equal
    return 0;
}

?>

How to make a concert truely excellent

Thu, 18 Nov 2010 10:39:35 GMT

Inspired by seeing Leonard Cohen playing at Rod Laver last Friday (and Crowded House there the week before) here's a few things that I wish more bands would do to make their concerts a more memorable experience.

Simplify the lighting, yes automated moving lights are now cheap, however simple colour washes and the (very) occasional static gobo logo can serve very well, a simple chase can add more then enough movement.
Run the sound only as loud as it actually needs to be. Here's one where rock/pop concerts will always fall down due to the more engaged audience.
On sound, it should be clear, try for a minimum of effects and reverb (obviously this is after anything used as an effect in the songs), EQ should only be used for aiding clarity and cleaning frequency response. People want to head the subtle nuances in the performance.
Finally, to the performers, if you can find great players / singers, who can get into a groove, and don't feel the need to "show off" with solo's that guarantees a memorable performance.
And if you're not contributing to the music get off the stage.

As you might expect, Leonard Cohen got all of these, Crowded House were too loud and had a few bits of gratuitous lighting, but otherwise hit them. That's why I was happy with both concerts.

A (very) rough guess at final IANA IPv4 exhaustion

Wed, 03 Nov 2010 12:07:04 GMT

Still on an IPv4 depletion kick, I thought I'd join the betting pool and estimate when the IPv4 pool will run dry to the RIR's.

As we are today with the recent allocation of a another two /8's to APNIC last month there's only twelve /8's left, and as the final five are allocated differently[1] the estimate is the next seven allocations.

So, my guess is:

Arin are due to request two /8 essentially now, leaving 10

RIPE will be due for a pair either late-December or early January, leaving 8

APNIC will be due for another pair of /8 probably late January, perhaps early February, leaving six

The last normal /8 would likely be claimed by Afrinic at about the same time, leaving five

If IANA actually wait until a request is made to distribute the last five /8's then it will probably be APNIC making it roughly June, which matches Geoff Huston's excellent IPv4 report quite nicely, even if the pool is essentially dry before the end of February.

There's likely to be two mini-rushes, first after the last of the normal blocks go out, when the people with half a bran finally see the writing on the wall, and a second after the last five when even the literal walking dead should be able to see the writing on the wall for IPv4. Neither of these is likely to materially impact the dates, APNIC already goes through a /8 roughly every two months.

A nice alternate view can bee seen from Tony Hain, who suggests February the fifth as the date.

1: By my reading of ICANN lore it's the request for the first of the five that triggers distribution

Unadvertised large IPv4 allocations in the APNIC region

Thu, 21 Oct 2010 12:08:35 GMT

A few days ago I wondered how many of the large (/16 through /9)[1][2] IPv4 allocations were laying unused.

Armed with a copy of the APNIC whois data (An old one from the end of March this year) that I had lying around on my laptop, and a fresh dump of BGP routes from one of my border routers[3] (Monday night) I set to work.

From the whois DB I extracted 2,666 allocations, but as I've done no hand-verification there could be justified reasons for some of the unused routes. In at least one case it appears the blocks may since have been handed back, although given the size of the block in question (it's the /9 that's unannounced) I'd have expected at least some noise on one of the ops or RIR lists. Given the age of the DB any new allocations are most likely announced by now removing one source of error.

Then I simply matched my list of known allocations against the BGP tables looking for *any* route of that prefix, or longer (Valid source of error here if multiple contiguous blocks announced as a supernet, we often do this at work with a few of our /23's that were originally allocated as a pair of /24's). There's another issue that as *any* route is enough for me even a single /24 is enough for me to consider an entire /9 "in use".

Overall the allocations are very highly advertised, with only 13.5% of allocations unadvertised completely (on the public Internet, it's impossible to know how many may actually be in use behind NAT's). Converted into individual address that drops to 7.8%, much better then the Internet as a whole which sees roughly 38%[4] of allocations unadvertised. My numbers are so good for two reasons, first the aforementioned use of a single route (potentially a /24) to be enough for even a /9; second, as these blocks are larger they're far more likely to be assigned to people more serious about their networks, and even if they went out of business their network was likely sold as an asset.

Here's some rough statistics:

Length	Allocations	Unadvertised	Percentage Unadvertised	/16 Equivilent	/32 [5] Equivilent
/16	1,556	307	19.7%	307	20,119,552
/15	439	29	6.6%	58	3,801,088
/14	315	13	4.1%	52	3,407,872
/13	185	2	1.0%	16	1,048,576
/12	96	2	2.0%	32	2,097,152
/11	45	3	6.6%	96	6,291,456
/10	24	2	8.3%	128	8,388,608
/9	6	1	16.6%	128	8,388,608

In summary, of 2,666 allocations all but 359 are in use to some extent. Only the /16's (likely skewed towards legacy classful allocations) have any really significant amount of unadvertised blocks.

In terms of the coming IPv4 exhaustion we have 817 allocated /16's completely unused, for over 5.3M IP addresses, or ~3.2 entire /8's, giving, at the current consumption rate[6], just under two and a half months more IPv4[7].

Anyone interested in the raw data, or for more detail on the code is welcome to contact me, although as both data sources are freely available replicating, and even improving on, the results with current data sets should be fairly easy.

1: Due to the way I extracted the allocations from the DB dump extracting /8's or (potentially) larger was impractical.

2: For anyone who only knows "class-A", "class-B" and "class-C" subnets, a /8 is the same size as a "class-A", a /16 is "class-B" and a /24 a "class-C". These days those names should almost never be used.

3: From the perspective of AS45522, major upstreams AAPT AS2764, and NextGen AS38809. Box is a Juniper and directly peered with both major upstreams if it matters.

4: From Geoff Huston's IPv4 report

5: A /32 is equal to a single IPv4 address.

6: Consumption rate of the global pool, used in this example is 1.33 /8's per month.

7: Except, of course, it wouldn't as being a mix of lengths many requests may not be able to be satisfied from that pool.

Lenovo T410 first impressions

Mon, 12 Jul 2010 13:07:27 GMT

Well, first few days of impressions.

For anyone who's seen the previous generations of 14.1" ThinkPads I can sum this up by saying "just like the old ones only faster". Especially weight wise, without a scale that reads down the tens of grams there's simply no difference in weight from my old T61.

By far the most noticeable thing about the T410 is just how fast everything is. I have the Core i7 620M and anything previously CPU bound is incredibly fast. I also have the 8GB of ram, but that's not much of an upgrade over my old T61 which had 6GB as it simply wasn't stable with 8.

The 1440x900 LED lit screen is a nice improvement, although as always I wish I could run the screen darker at night. As for the new Intel graphics, there appears to be no improvements, but that could simply be the slow pace of feature support in the X drivers. Given the number of video outputs (internal LCD, DisplayPort and VGA on the laptop itself, four digital plus VGA on the dock) it's a real shame that it only has two CRTC's (essentially screen outputs), the ability to drive my entire quad-monitor setup on my work desk from my laptop would have been awesome. Each of the outputs (plus a non-existent internal HDMI port) is listed in xrandr for a total of eight outputs.

The battery life appears to be excellent, with the 9-cell claiming 6 hours even when I leave my Win7 VMware running. That should mean that with the "slice" battery (a clip on battery with a further 9 cells) I should hit well over 10 hours, more then enough for a conference day. Even the regular 6-cell battery should cover most of my needs, and would be a nice weight saving.

The old ultrabay battery is gone, as the ultrabay is now just a standard laptop DVD sata interface. Although this means losing some features there's certainly something to be said for standard interfaces. What's also headed to the common, this case for the worse, is the environmental monitoring. Older thinkpads had up to a dozen temperature sensors which were great if, like me, you like your systems silent, and the ability to turn on the fan at the last second helps. Now there's only one sensor exposed by ACPI making things a little more coarse.

Although I bought mine with the inbuilt Qualcomm Gobi 2000 3G, and installed my existing 3G SIM before ever booting Linux it seems as though I'll have to wait until 2.6.35 (and the associated VMware update) before I can use it as Debian isn't going to release a version with mjg59's patches. Hopefully 2.6.35 drops soon so I turn my laptop into a portable Stratum 1 NTP server.

As with my T61 I have the dock at work to save connecting (seriously) ten cables every day. Like my old T61 the T410 does two external monitors, but with the new dock they can be two Digital ports, with two DVI and two DisplayPort on the dock, plus a VGA. The one feature of the old dock that's now gone is a SPDIF port, which I used to plug into a high quality external DAC that then drove my Stax Earspeakers (Lambda 404's that were, until today, driven by an SRM-323II, but now has a tube output SRM-T1). However in theory the DisplayPort outputs have audio, but to use it I need chain that goes DP->MiniDP, MiniDP->HDMI w/audio, HDMI digital audio splitter, HDMI->DVI (as I still need to drive the monitor).

All this sounds wonderful, but there three big downsides. First the touchpad is near useless in Windows as it can't be sped up enough, oddly in Linux it came up just as I had on my T61, it also has bumps all over the surface that just annoy me, although even in these first few days they've worn down a lot. Second the bottom edge is now at an angle, a decent idea, except everywhere the ports pop out there's a square bit, making it seem a little odd. Lastly there's a hard mould line just on the front of the palm rest that does a good job irritating the skin of my wrists, although that should hopefully wear down quickly.

All up, for the $2200 that this machine cost after discounts (an end of financial year plus a referral code gave 55% off) it's an excellent machine that I'm happy I bought.

Thoughts on Ethernet Switching

Tue, 06 Jul 2010 07:38:53 GMT

I've recently been asked for advice on ethernet switches by several different people. Here's my opinion on the state of things.

Caveats:

Some of the support issues are Australia, and even Melbourne specific

If I don't list a brand I've not tested it (vendors are welcome to offer loaners)

I only care about managed switches, VLAN's are essential

For L3 switches I want IPv4 & IPv6 with OSPF & OSPF3, doing MPLS as a P router is a bonus

This is my opinion with my biases

Top Tier Vendors

Cisco

Cisco makes bulletproof switches, but they are quite expensive for people who don't buy them by the pallet load, and unless you purchase the Cat 6k or 4k they're fairly light on the complex L3 features. They also have a nasty habit of, in their larger switches, being heavily oversubscribed and not making that obvious. They also only recently added stacking in their L2 edge switches (the 2960 line that is actually price-competitive).

On the upside the Cisco IOS is well known and it's very easy to find techs for it.

Juniper

Juniper are a recent entrant to the switching arena, but they've brought their routing feature set over. This means that while some complex switching things may be hard or even missing, complex routing can be done with ease. We have some installed at our office that have three separate routing tables to meet our needs (Management, public addressed, and private addressed).

The EX-4200 are by far my preferred 1ru stackable switch at the moment, the only issue being the low 10gb density, which will be addressed when stacking is added to the new EX-4500 later this year.

The major downside with Juniper is that it's still hard to find staff with experience, and as Juniper are the only major vendor with an OS that isn't "inspired by" (a rip-off of) Cisco's IOS this is actually an issue, Juniper do make available some simple training that is enough to bring a competent person up. However the benefits of JunOS, mainly atomic changes and revision control quickly outweigh the time taken to learn it.

Combined with their MX series there's a *very* powerful platform for complex setups.

Brocade (Foundry)

Foundry networks, purchased by Brocade in late 2008, is another vendor many in the corporate space have not heard about as they've been generally focused on the service provider market. Their switches are good for L2 edge or simple L3 work, but aren't quite up there for some of the more complex L3 tricks of Juniper or high-end Cisco's.

Foundry's IronWare is easily the closest recreation of IOS short of the clones, albeit with some odd bugs and limitations (for as long as I've used it backspace doesn't work and you have to hit Ctrl-h).

Extreme

Extreme make some nice looking kit, with nice combinations of ports and stacking. L2 and basic L3 work, although they advertise some advanced L3 support (eg, virtualisation) they don't make it clear that you can't use it on some switches they claim to support it on (eg, two virtual routers, one fixed for management, one normal)

However their Linux-based XOS lets them down. They also have demonstrated not just inability to support the hardware in Australia, but inability to support the software as well, giving them the odd distinction of being the only vendor we've stopped paying support to because we simply get no value from it.

Force10

Force10 are another new name to corporates, they're out of the supercomputing field, and are well regarded as good high-density high-speed switches. I've yet to use any, but have heard good things.

Second Tier Vendors

HP / 3Com

There's actually three switch lines in the HP stable these days. (HP produced) ProCurve, rebadged Brocade, and the newly purchased 3com.

HP ProCurve

The HP ProCurve gear has generally been a decent choice for basic L2 aggregation jobs. Nice solid hardware, ok feature set. Another division of the company uses these at their colo doing simple L3 jobs, and they work fine, not my preference.

One major downside of the HP kit is they lock down SFP's to only HP branded ones. Most of the top tier vendors have tried this before, at least in some kit, but to the best of my knowledge all have backed down (even Extreme).

3com

For many years around the time 100Mbit ethernet was gaining a foothold 3com was the premier switch manufacturer, until Cisco delivered the Cat 2900 series and stole the market. These days a little feature poor compared to the top tier vendors they're still good edge and aggregation switches. I've no experience with their L3 functionality however.

Dlink

Dlink's better switches are decent for edge switching with vlans at a very reasonable price, especially with PoE. Their lower end unmanaged gear is fine for fan-out purposes as well. They have versions with L3 support, but I've not used them.

Melbourne International Comedy Festival 2009 - The Preview shows

Sat, 04 Apr 2009 04:06:26 GMT

Once again I'm going to try and post about all the shows I've seen, although given that I'm seeing over two dozen I'm not even going to try one post per show. So here's the five shows I've seen in the first three days of the festival presented in cronological order. All of these were preview shows so had a few rough edges which generally just added to the enjoyment.

Goth v Nerd - A short double stand-up show, if you read PLOA or wear anything best described as "shiny & black" you're the target audience.

Sort of the Rings - Another short parody re-telling of LoTR, with audience partiticaption and helium orcs.

Otis Lee Crenshaw (Rich Hall) - American stand up followed by comedy country music. If you watch any of the comedy shows on TV you've probably seen Rich before.

Collingwood Club Therapist (AKA Ben Coussins the musical) - This one is only really for the footy tragics, particularly of the Collingwood persuasion, but "Ben Coussins the Musical" is just *classic*

Highly Sus - This one is more for the legal/criminal tragics, three perps, are they telling the truth or are they "Highly Sus"

All five shows were quite entertaining, and if you think they're up your alley (and you're in Melbourne) you should certainly make the trip.

Tonight's show is Heath Franklin doing "Choppers F%@#ing Bingo".

Bookshelf Speakers

Fri, 27 Mar 2009 12:39:14 GMT

This week I've upgraded the turntable in my second hi-fi setup at home (my main setup has yet to get a 'table, mainly as I haven't got around to getting a proper pre-amp for it) with an old Systemdek IIX, one modifed with a Rega (RB-300) arm and Grado (8MZ) cartridge, and, after a stylus replacement on the Grado (which cost more then the entire 'table setup) I now have a very nice system which has been home to some lovely John Coltrane LP's that had just arrived.

Unfortunatly this upgrade now reveals that my Auratone's have gone from being a nice compliment to now being the obvious element holding my sound back.

So now I'm looking for new bookshelf speakers (and possibly a sub) to replace[1] them.

The current contenders (roughly from least, ~$1k/pair, to most ~$3.5k/pair expensive):

Dali IKON 1 (w/Dali IKON Sub)

PMC DB1+

Tannoy Autograph Mini

Fortunatly both PMC and Tannoy have local dealers from who I should be able to get a trial.

Much as I've always wanted a pair of PMC's I always thought they'd be at least the IB2 or above, not the "dinky" ones.

If there's anything people think I've forgotten that's bookshelf size, and < 5kg each I'd love to consider them.

1: Not that the Auratone's are going, they will just move into the studio as a comparison monitory (which they should have been from the start).

Need LP storage

Sun, 01 Mar 2009 14:19:14 GMT

I'm after some form of shelves for my record collction (99% 12", with just a handful of 7"s). I've got too many for milk crates and want something I can actually flick through and keep in (semi-) order.

Any ideas?

Parallell loop execution in shell scripts

Wed, 04 Feb 2009 01:10:26 GMT

Dear lazyweb,

Is there a way to have for loops (or any loop for that matter) in shell run in (controllable) paralell?

I'm thinking a makefile hack could work, but for given the several hundred iterations it would get ugly.

Ahh, stupid meme's

Thu, 22 Jan 2009 12:17:10 GMT

So here's the latest.

Yeah, I guess I might post about LCA some time after I make it back to Melbourne (oh, and am sober, which seems to be rarely at LCA outside of sessions)

Julien Goodwin

Raspberry Pi debian notes

Security

Regenerate SSH keys

Consider disabling NFS client (the sole open services by default)

Delete the pi user

Minor bits

Keyboard layout

Time zone

Console Blanking

Debian Mirror

Swap

Expanding the filesystem to use all (or just more) of your SD card

*WARNING* This is only applicable to the 19/April/2012 Debian build, it's very easy to destroy data by doing this wrong.

Lab equipment: Juniper

What I enjoyed at linux.conf.au 2012

The "Qantas Feedback Panel"

The obliagatory 30000' post

JunOS apply-groups

An efficient, yet high performance, PC

Gnome3

"The Limoncelli Test"

Thoughts on Juniper's new switch introductions

Juniper Qfabic, what's missing?

Ultimate optical platform for metro/regional core transport

Moving to Sydney

New Years Eve Video's

JunOS version comparuson

How to make a concert truely excellent

A (very) rough guess at final IANA IPv4 exhaustion

Unadvertised large IPv4 allocations in the APNIC region

Lenovo T410 first impressions

Thoughts on Ethernet Switching

Top Tier Vendors

Cisco

Juniper

Brocade (Foundry)

Extreme

Force10

Second Tier Vendors

HP / 3Com

HP ProCurve

3com

Dlink

Melbourne International Comedy Festival 2009 - The Preview shows

Bookshelf Speakers

Need LP storage

Parallell loop execution in shell scripts

Ahh, stupid meme's

WARNING This is only applicable to the 19/April/2012 Debian build, it's very easy to destroy data by doing this wrong.