New OpenPGP key

For the two people that care I’m migrating to a new OpenPGP key. I created the old key way back in 2001 so it is time to move to a longer RSA key instead of DSA. The new key also uses the stronger SHA-256 hash.

You can find the signed (with both the old and new key) transition note at:

http://www.coverfire.com/files/key-transition.txt

Here are a few useful links for anyone else making this transition.

http://www.debian-administration.org/users/dkg/weblog/48

http://keyring.debian.org/creating-key.html

Python tutorial and advice

A friend at work recently pointed me to a Python tutorial called Learn Python the Hard Way. It’s very basic but the later part has a little opinion chapter titled Advice from an old programmer which is worth taking the time to read. Below is one quote from this chapter.

Programming as an intellectual activity is the only art form that allows you to create interactive art. You can create projects that other people can play with and you can talk to them indirectly. No other art form is quite this interactive. Movies go out to the audience. Paintings don’t move. Code goes both ways.

Programming as a profession is only moderately interesting. It can be a good job, but if you want to make about the same money and be happier you could actually just go run a fast food joint. You are much better off using code as your secret weapon in another profession.

Canada 3.0 Twitter graph

The other day I found Gephi which was used to create these amazing graphs based on GitHub data. So I thought it might be fun to pull some data into Gephi and play with it. I decided on using the Twitter API to obtain all of the Tweets related to the upcoming Canada 3.0 conference in Stratford, ON, CA. I used the ‘can30’ hash tag as the search term but since the Twitter search only returns Tweets less than seven days old the history is limited.

I used Python and igraph to create the graph and exported it to GraphML which Gephi can import. Here’s the resulting GraphML file if you are interested.

I also used igraph to export PNG and SVG versions.

The nodes in the graph are Twitter users. The size of each node is relative to the number of new Tweets with the #can30 hashtag. By ‘new’ Tweets I mean not re-Tweets. The edges represent re-Tweets and the width of each edge is relative to how many times the source user re-Tweeted the destination.

Based on the graph, Canada3Forum is the largest source of new Tweets followed by tobidh and there are lots of users re-Tweeting Canada3Forum’s messages.

Canada 3.0 on Twitter
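The graph construction described above, as an added example that is not the code used for the original post: it uses only the Python standard library instead of igraph, the sample Tweets are constructed, and treating a leading "RT @user" as a re-Tweet is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (user, text) pairs; not data from the original post.
TWEETS = [
    ("Canada3Forum", "Registration is open #can30"),
    ("Canada3Forum", "Infrastructure track schedule posted #can30"),
    ("tobidh", "Heading to Stratford #can30"),
    ("alice", "RT @Canada3Forum: Registration is open #can30"),
    ("alice", "RT @Canada3Forum: Infrastructure track schedule posted #can30"),
    ("bob", "RT @tobidh: Heading to Stratford #can30"),
]
RT = re.compile(r"^RT @(\w+)")  # assumed text-style re-Tweet marker

def build_graph(tweets):
    """Return (new Tweets per user, re-Tweet count per (source, destination))."""
    new, edges = Counter(), Counter()
    for user, text in tweets:
        m = RT.match(text)
        if m:
            edges[(user, m.group(1))] += 1  # source user re-Tweeted destination
            new[user] += 0                  # make sure both ends exist as nodes
            new[m.group(1)] += 0
        else:
            new[user] += 1                  # a 'new' Tweet sets the node size
    return new, edges

def to_graphml(new, edges):
    """Serialize the graph as GraphML with node sizes and edge weights."""
    root = ET.Element("graphml", xmlns="http://graphml.graphdrawing.org/xmlns")
    ET.SubElement(root, "key", {"id": "size", "for": "node",
                                "attr.name": "new_tweets", "attr.type": "int"})
    ET.SubElement(root, "key", {"id": "weight", "for": "edge",
                                "attr.name": "weight", "attr.type": "int"})
    graph = ET.SubElement(root, "graph", edgedefault="directed")
    for user, count in sorted(new.items()):
        node = ET.SubElement(graph, "node", id=user)
        ET.SubElement(node, "data", key="size").text = str(count)
    for (src, dst), weight in sorted(edges.items()):
        edge = ET.SubElement(graph, "edge", source=src, target=dst)
        ET.SubElement(edge, "data", key="weight").text = str(weight)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(to_graphml(*build_graph(TWEETS)))
```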

Linux x86_64 and Javascript

The competition between browsers in the area of Javascript performance has led to some pretty dramatic performance increases in the last couple of years. A lot of this has been accomplished through Javascript just in time (JIT) compilers. What JITs do is convert the Javascript into native instructions which execute a lot faster than more abstract forms. The one downside to this approach is that each native architecture must be supported to get the speed boost.

If you follow Javascript performance you know that recent versions of Firefox have a JIT. What you may not know is that there is no JIT in Firefox for x86_64. This isn’t that big of a problem for Windows since there are so few 64-bit Windows users but Linux distributions have been native 64-bit for quite some time. So if you’ve installed a 64-bit version of your favourite Linux distribution you are getting far slower Javascript performance in Firefox than if you had installed the i686 version. How much slower?

The following benchmarks were executed on an i7-930 running Fedora 12, Firefox 3.5.8 and Epiphany 2.28.2. The benchmarks I used are the SunSpider and V8 Javascript benchmarks.

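| Browser/arch     | V8 (higher is better) | SunSpider (lower is better) |
|------------------|-----------------------|-----------------------------|
| Firefox i686 PAE | 402                   | 1002.6ms                    |
| Firefox x86_64   | 277                   | 2131.2ms                    |
| Epiphany x86_64  | 887                   | 1261.0ms                    |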

These results show that the Javascript performance of i686 Firefox is a lot better than x86_64. The Epiphany web browser is based on Webkit which, based on these results, I’m guessing does have an x86_64 JIT.

AMQP and Twisted

In one of my pet projects I’ve been using Twisted and txamqp. I use Twisted’s twistd to launch the service but unfortunately txamqp doesn’t come with any examples of how to use it with twistd. So I wrote a factory and protocol which makes it trivial to use txamqp with twistd. I haven’t tested it extensively but it appears to survive losing the connection to the AMQP server and reconnecting. I’m far from a Twisted expert though so please let me know if this isn’t the way it’s supposed to be done.

You can find the code in my Git repository.

ejabberd default permissions

I upgraded my ejabberd to 2.1.0-rc1 today and while doing so decided to start with a fresh ejabberd.cfg. This reminded me of something I noticed when I first switched to ejabberd but forgot to blog about. The default permissions in ejabberd are a bit surprising.

Before I go into details, I’m not arguing any of these problems are the end of the world but I think it would make a lot of sense for ejabberd to ship with a safer configuration and allow administrators to open things up if desired.

MUC permissions

The default MUC (XEP-0045) access list is:

{access, muc, [{allow, all}]}.

This access list allows all JIDs, even those on remote servers. The default MUC configuration uses this access list for all operations.

{mod_muc, [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc},
    {access_persistent, muc},
    {access_admin, muc_admin}
]},

As a result, the default configuration allows users on other XMPP servers to create rooms on the local MUC server. Probably not that big of a deal but I don’t see a good reason why my server should be hosting channels for external users. Worse, would I be responsible if the channel was used for some nefarious purpose?

I created a new access list which only allows local JIDs and used this access list for access_create and access_persistent.

{access, muc_create, [{allow, local}]}.
{mod_muc, [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc_create},
    {access_persistent, muc_create},
    {access_admin, muc_admin}
]},

Pubsub permissions

The default Pubsub (XEP-0060) permissions are:

{access, pubsub_createnode, [{allow, all}]}.

Again, this allows all JIDs, even remote ones to create nodes on the Pubsub server. I changed this to the following.

{access, pubsub_createnode, [{allow, local}]}.

In-band registration

This really amazes me. In-band registration (XEP-0077) allows users to connect to an XMPP server and create new accounts. This is enabled in the default configuration that ships with ejabberd.

{access, register, [{allow, all}]}.

I wonder how many ejabberd servers there are with unexpected users?

The solution is documented immediately above the register access list definition.

{access, register, [{deny, all}]}.
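A quick way to check an existing ejabberd.cfg for the three defaults discussed above (MUC room creation, Pubsub node creation and in-band registration). This is an added example, not part of the original post or of ejabberd; the sample configuration is constructed from the rules quoted above, and the regex-based parsing and the `{modules, ...}` wrapper are simplifying assumptions.

```python
import re

# Constructed sample: the default rules quoted in the post, in old-style
# ejabberd.cfg (Erlang term) syntax. The {modules, ...} wrapper is assumed.
DEFAULT_CFG = """
{access, muc, [{allow, all}]}.
{access, muc_admin, [{allow, admin}]}.
{access, pubsub_createnode, [{allow, all}]}.
{access, register, [{allow, all}]}.
{modules, [
  {mod_muc, [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc},
    {access_persistent, muc},
    {access_admin, muc_admin}
  ]}
]}.
"""

ACCESS_RULE = re.compile(r"\{access,\s*(\w+),\s*\[(.*?)\]\}\.", re.S)
CLAUSE = re.compile(r"\{(allow|deny),\s*(\w+)\}")
MUC_BLOCK = re.compile(r"\{mod_muc,\s*\[(.*?)(?=\{mod_\w+,|\Z)", re.S)
MUC_OPT = re.compile(r"\{(access_create|access_persistent),\s*(\w+)\}")

def audit(cfg):
    """Return findings for rules that let any JID, local or remote, through."""
    # Drop Erlang comments (% to end of line); assumes no '%' inside strings.
    cfg = "\n".join(line.split("%", 1)[0] for line in cfg.splitlines())
    is_open = {}
    for name, body in ACCESS_RULE.findall(cfg):
        # Clauses are tried in order, so the first one naming 'all' decides
        # what a JID matching no earlier ACL gets; no such clause means deny.
        verdict = next((a for a, acl in CLAUSE.findall(body) if acl == "all"), "deny")
        is_open[name] = verdict == "allow"
    findings = []
    for name in ("register", "pubsub_createnode"):
        if is_open.get(name):
            findings.append(f"{name}: allows all JIDs")
    muc = MUC_BLOCK.search(cfg)
    if muc:
        for opt, rule in MUC_OPT.findall(muc.group(1)):
            if is_open.get(rule):
                findings.append(f"mod_muc {opt}: uses open rule '{rule}'")
    return findings

if __name__ == "__main__":
    for finding in audit(DEFAULT_CFG):
        print(finding)
```

Running it against a configuration with the changes from this post applied should produce no findings.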

Create your own economy

I just finished reading Create Your Own Economy by Tyler Cowen. The overall theme of the book revolves around Autistic thinking and framing effects. The author posits that autistic thinking has benefits that we all can learn from. The discussion of framing effects is less coherently spread throughout the book but suggests that people can decide what is important and improve their lives by choosing how to look at the world.

While I found the Autistic meme to be stretched, there are many valuable insights into Internet communications, economics and psychology. There is also a strong defence of modern bite sized culture which is really worth thinking about if you pine for the glory days of traditional culture.

Linux SFQ experimentation

I’ve been doing some more experimentation with Linux QoS configurations using my ping-exp utility. Today I noticed that whenever I add an SFQ to the configuration there are large latency spikes. After a bit of digging it appears that these spikes happen when the SFQ changes its flow hash. This occurs every perturb interval as configured when the SFQ is created.

Below are the results from a couple of experiments which show this behavior. For both experiments I had two outbound ping floods of MTU sized packets. This saturated the outbound link. The experiment itself pinged three other hosts. I made sure to use four distinct hosts (one for flood, three for the experiment) to avoid collisions in the SFQ’s flow hash.

The PNGs below are not ideal for detailed inspection of the graphs. However, you can also download the data files from the experiment and load them using ping-exp. This allows zooming in on the graph. See the links at the end.

HTB SFQ limit 10 perturb 5

The above graph is based on an experiment where the perturb value was set to five seconds. Although the large latency spikes do not occur at every five second interval, when they do occur they are on the five second grid.

HTB SFQ limit 10 perturb 20

The second experiment used a perturb time of twenty seconds. Again, the latency spikes do not occur every twenty seconds but they do occur on the twenty second grid.

During the experiment I ran a packet capture to make sure there wasn’t any activity that might skew the results. The amount of captured traffic was very small.

The network I performed this experiment on consists of a P3-450 Linux gateway where the QoS configuration is applied to the ppp0 device. The kernel version is 2.6.27.24-170.2.68.fc10.i686. A host behind the gateway was used to generate the ping floods and run ping-exp.

Configuration and data files

HTB SFQ limit 10 perturb 5 script

HTB SFQ limit 10 perturb 5 ping-exp data file

HTB SFQ limit 10 perturb 20 script

HTB SFQ limit 10 perturb 20 ping-exp data file

Some infrastructure links for Canada 3.0

Tomorrow the Canada 3.0 conference starts. Since I am attending the infrastructure track I thought it might be useful to collect a bunch of links relating to the Internet as infrastructure.

http://www.linuxjournal.com/content/why-internet-infrastructure-need-be-fields-study

http://hakpaksak.wordpress.com/2008/09/22/the-etymology-of-infrastructure-and-the-infrastructure-of-the-internet/

http://lafayetteprofiber.com/FactCheck/OpenSystems.html

http://news.cnet.com/Fixing-our-fraying-Internet-infrastructure/2010-1034_3-6212819.html

http://www.interesting-people.org/archives/interesting-people/200904/msg00168.html

http://www.interesting-people.org/archives/interesting-people/200904/msg00175.html

http://cis471.blogspot.com/2009/04/why-is-connectivty-in-stockholm-so-much.html

http://www.linuxjournal.com/xstatic/suitwatch/2006/suitwatch19.html

http://publius.cc/2008/05/16/doc-searls-framing-the-net

http://free-fiber-to-the-home.blogspot.com/

http://communityfiber.org/cringely.html

http://www.linuxjournal.com/article/10033