Extra Pepperoni

Tag - Subversion

Sunday, December 28 2008

Interview Oddity

I have wondered if an interviewer would see this blog or my homepage, or my Twitter feed, and today it happened. Bobby Brill, at NYU, not only had a copy of my resume, but he also had a copy of my System Admin Interview Questions from Rockefeller. Goldman and a few other financial companies I interviewed with a year ago used a very different interview format, but they used the same format, which makes me think they all copy from each other.

I later met with a couple people who would be teammates at NYU (whom I knew socially already), and they mentioned my interview questions as well. Alas, I didn't get to sail through purely on knowing those answers, but I'm glad they're doing someone some good, at least for entertainment.

Note: I wrote this post in November, but didn't post it immediately -- I wanted to wait until the interview process was over.

Saturday, December 27 2008

New Job: MSKCC

I just realized I hadn't posted my new job here.

My post-Goldman job hunt was mercifully brief. As of December 8, 2008, I work at Memorial Sloan-Kettering Cancer Center, within the Sloan-Kettering Institute (SKI is the research arm, as opposed to Memorial Hospital). I'm in the Bioinformatics Core of the Computational Biology Center.

The office is a block away from Rockefeller University, and I work with several other ex-Rockefeller people. The work itself is similar in many ways, and I much prefer it to GS. My first project (aside from figuring out my way around) is sorting out some Sun Thumpers, so I'm doing hands-on ZFS -- which I had read about but not really used before.

Monday, February 18 2008

System Admin Interview Questions

I was quite impressed by Joel's description of the hiring process, and we've been doing a lot of interviewing for System Admins lately. I put together a list of standard questions to ask during interviews, which has been quite helpful in judging a) how much technical knowledge people have, and b) (just as important) how good a match they are for the skills void we were trying to fill at the time. Here they are, for the next person who needs to perform a similar exercise.

  1. How many systems does your team manage (Linux, Solaris, Windows, etc.)?
  2. How large is your team?
  3. Which OS are you most comfortable/familiar with?
  4. Which Linux flavors are you most comfortable/familiar with?
  5. Which Red Hat versions are you familiar with?
  6. Are you familiar with kernel programming or configuration?
  7. Have you done any custom packaging or kickstarting?
  8. Have you used or managed Sun JumpStart?
  9. How much experience do you have with Sendmail?
  10. ... NetWorker? Version? Managing backups, or just configuring clients?
  11. ... LDAP? Brand & version? LDIF or just querying?
  12. ... firewalls (iptables, ipf, etc.)?
  13. ... network administration (Cisco, sniffing, etc.)?
  14. ... Apache httpd?
  15. ... Tomcat & Java?
  16. ... EMC (Clariion, PowerPath)?
  17. ... shell scripting, and with which shells?
  18. ... perl scripting?
  19. ... Veritas VM/FS? Versions?
  20. ... Veritas Cluster, or other HA? Versions?
  21. ... snapshots? In which products?
  22. ... load balancing
  23. ... Oracle (as SA, not DBA)?
  24. ... HPC?
  25. Please briefly explain the difference between RAID 1 and 5. What are layered RAID levels, and when are they appropriate?
  26. What sizable projects have you done recently?
  27. Why are you leaving your current employer / did you leave your last employer?
  28. Please give specific examples of some routine tasks you've performed recently.
  29. Have you done systems specification and design (servers, multi-server configurations)?
  30. Have you worked with customers directly, or primarily with/for other IT personnel?

It didn't make sense to publish a list of questions when I was involved in the interviewing process, but now that I'm leaving Rockefeller and no longer interviewing UNIX Admins for them, I can post my sample questions.

Friday, February 8 2008

HP c-Class c7000 Chassis & Onboard Administrator Notes

The Onboard Administrators (we got a pair for redundancy) each ship with a unique password. When you connect them, it appears the active OA resets the standby password to match the active. This was a bit confusing, as OA #2 came up active, and the passwords were not as expected; SSL certificates are created and reloaded in terms of "Active" & "Standby", so I initially loaded new certs onto the wrong OAs.

ssh Implementation Flawed

The OAs support ssh access and ssh keys, but apparently only for the single Administrator account. This is documented incorrectly -- the docs say the last word on the key line is the username the key is for, but actually they're all linked to Administrator. HP Support doesn't know much about it. It's bad when security features don't work as documented -- in this case, it would be easy to follow instructions and upload a key for an unprivileged Operator or User account, unintentionally granting full Administrator access -- we had this for a while, until I figured out what was really going on.
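A pre-upload check for the situation described above, as an added example (not code from the original post or from HP): it reads a staged key file, takes the last word of each line as the account the documentation says the key belongs to, and flags every key labelled for a non-Administrator account, on the assumption reported in this post that the OA ties all uploaded keys to Administrator. The account names, role table and sample keys are constructed for illustration, and the key file is assumed to use standard OpenSSH public-key lines.

```python
import base64
import hashlib
import struct

# Assumption: local OA accounts and the privilege each one was meant to have.
INTENDED_ROLE = {
    "Administrator": "administrator",
    "opsuser": "operator",
    "viewer": "user",
}


def _constructed_blob(key_type, filler):
    """Build a non-functional sample key blob in SSH wire format."""
    name = key_type.encode()
    raw = struct.pack(">I", len(name)) + name
    raw += struct.pack(">I", len(filler)) + filler
    return base64.b64encode(raw).decode()


# Constructed sample key file: one key per line, last word = intended account.
SAMPLE_KEY_FILE = "\n".join([
    "# keys staged on the web server for the OA to download",
    f"ssh-rsa {_constructed_blob('ssh-rsa', b'A' * 32)} Administrator",
    f"ssh-rsa {_constructed_blob('ssh-rsa', b'B' * 32)} opsuser",
    f"ssh-dss {_constructed_blob('ssh-dss', b'C' * 32)} viewer",
    # Declared type does not match the type embedded in the blob.
    f"ssh-rsa {_constructed_blob('ssh-dss', b'D' * 32)} Administrator",
    "ssh-rsa not-base64!! opsuser",
])


def parse_key_line(line):
    """Return (key_type, fingerprint, label) or raise ValueError."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected '<type> <base64 blob> <username>'")
    key_type, blob_b64, label = fields[0], fields[1], fields[-1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"key blob is not valid base64: {exc}") from None
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match the blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, fingerprint, label


def audit(text):
    """Sort key lines into ok / escalations / invalid.

    A key is an escalation when its label names an account that was not
    meant to be an administrator (or is unknown): if every uploaded key
    authenticates as Administrator, that key grants more than intended.
    """
    report = {"ok": [], "escalations": [], "invalid": []}
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            _, fingerprint, label = parse_key_line(line)
        except ValueError as exc:
            report["invalid"].append((lineno, str(exc)))
            continue
        role = INTENDED_ROLE.get(label, "unknown")
        bucket = "ok" if role == "administrator" else "escalations"
        report[bucket].append((lineno, label, role, fingerprint))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_KEY_FILE)
    for lineno, label, role, fingerprint in result["escalations"]:
        print(f"line {lineno}: key for '{label}' ({role}) would act as "
              f"Administrator  {fingerprint}")
    for lineno, reason in result["invalid"]:
        print(f"line {lineno}: rejected: {reason}")
```

The fingerprints in the report can be compared with `ssh-keygen -lf` output for each user's public key to confirm whose key is about to be loaded.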

The web interface doesn't allow copy & paste of keys -- they must be downloaded by the OA from a web server. Afterwards, though, the public keys (which had to be accessible through a web server, remember) are not visible to other authorized users of the OAs -- only Administrator can see or modify keys. Feh.

Additionally, the web interface shows line breaks as '^', so the keys look corrupt. Despite this they work, and display correctly in the command-line interface.

OA doesn't automatically configure its accounts onto blade iLO. Instead, it creates an account for OA itself on each blade's iLO. This is a bit odd, as it means authorized users cannot connect directly to iLO -- instead they must connect through an OA, and have the OA login, before using iLO. We will presumably use the Compaq iLO configuration language to deploy our accounts to iLO, but this shouldn't be necessary.

Good News

On the bright side, the chassis is easier to mount than our (smaller) IBM BladeCenter chassis; it's also better labeled. The Onboard Administrator interface is better laid out, although it doesn't work in Safari (seems fine in Firefox/Mac). The command line is a bit less bizarre than IBM's.

HP makes it easy to dump the configuration to a text file, tweak it, and load it into another chassis, although we haven't tested yet; they call this "Configuration Scripts".

Friday, February 1 2008

Goodbye RU, Hello GS

I have accepted a position at Goldman Sachs in Jersey City. Leaving Rockefeller after 7 years as a UNIX admin (and an earlier 3 doing Mac support) was a tough decision. I learned a lot, and worked with a bunch of great people, but it is definitely time for a change. I expect to start February 25th and immediately enter firehose mode, as Goldman is so different than the other places I have worked. I'll still be a UNIX administrator, but the specifics of the role will of course be totally different. Among other things, I have to start thinking of "security" as something people exchange, rather than the never-ending attempt to fend off bad folks.

Wiring Art

The Pretties

Inspired by When data center cabling becomes art from Andrew T Laurence & Chuck Goolsbee's pics of Digital Forest, I took some photos of Rockefeller's new data center. We've been planning out various scenarios for 5 years at this point, but we finally moved most of our systems in this month. Note that the network guys (mostly Eric) took care to run cables connecting to ports on the left half of each device in from the left, and come in from the right for ports on the right. This makes more work for them in preparation, since one cannot simply plug a cable into a free port, but makes things look prettier, and also reduces cable snarling.

3 KVMs & baby + LCD

More Connectivity, Please

Since we first started discussing data center plans, I've been saying we need more connectivity. The new DC has 48 patches per 42U rack, and some of the new racks are indeed running out of ports before they run out of vertical space. In our racks 2U is used for patch panels and 2 cables control APC managed power strips, so we have 40U and 46 patch ports for servers. Our Linux servers have Ethernet, serial console, & KVM; Suns have Ethernet & console; Windows have Ethernet & KVM. In the worst case, 40 1U Linux servers need 120 connections, but we only have 46 available. If the rack is full of 2U Suns & Windows servers, we're okay with 6 'extra', available for dual-connected servers or whatever. As we get more dense, we begin to run out of ports.

Cat6 flowing down

Blades are no better -- their chassis tend to blow out the power budget because they're even more dense than 1Us (although they do get more servers per rack), and with all the redundancy they still require a lot of cabling. For a reasonable IBM BladeCenter, we need 4 x 2 for GE switches (FC cables don't go in these patch panels). Then 2 x 2 for (Ethernet & KVM) for management modules per chassis = 12 ports for 7U. For our new HP c7000 chassis with basic networking, we have 16 GE ports, 2 GE console ports, 2 OA Ethernet ports, and 2 OA serial ports (again, ignoring the fiber-optic GE ports): 22 ports in 10U. I'm sure somewhere HP has demo chassis, filled with fully-connected GE switch modules: (9 x 8 + 4 = 74 patches) & (4 x 8 = 32 fiber-optic ports) = 106 cables total (not counting power connections -- 6 in our case). In 10U -- 1/4 of a rack -- insane!

c7000: 30 ports

Update 2008/2/5: Eric pointed out I was wrong about the ports -- the Cisco switches have 8 uplink ports, 4 of which are either fiber-optic or copper (you can see they're 17-20 in the photo); the other 4 copper ports seem intended for cross-linking to the other switch. So the max copper patch count remains, but the fiber connections would be instead, rather than in addition, and we may fully connect our 2 switches with only 8 GE uplinks rather than 16 going out of the chassis.

Saturday, December 8 2007

Upgrading from Tiger Server to Linux

For over a year now, I've been following the development of Mac OS X Server 10.5 Leopard and testing betas, and anticipating upgrading reppep.com from Tiger Server on a dual 1.25GHz Power Mac G4 to Leopard Server on a dual 2GHz Power Mac G5. Over the weekend I had a change of plans, though.

Although I support Mac OS X Server at Rockefeller, I don't recommend it for most requirements, as Linux compares favorably for transparency (some of the MOSXS internals are unique and poorly documented), server software compatibility (although Macs are quite good here too), and price/features at the low end. A Core Duo Mac mini has plenty of juice to saturate our 768kbps/3mbps DSL circuit, but adding a couple drives more than doubles its price, and Apple's software RAID is quite broken; Linux software RAID is apparently quite good; I might eventually switch to hardware RAID. An Xserve is a great piece of hardware, but it's a bit exotic and I can get a fast generic PC cheaper; I don't want all the high-end features for a box that sits in our apartment.

Additionally, I've read perhaps 600 pages of docs on Leopard Server, and had another 400-1500 yet to go. This is an investment I was finding hard to justify. The migration process is quite complicated, and Apple doesn't support migrating accounts from a Tiger system to a Leopard system -- I don't want to do an upgrade. I could clone the G4 to the G5 and upgrade it there, but I prefer to handle upgrades as scratch installations with manual migration of applications, so I know exactly what's been done. A lot of this is masked by upgrade procedures.

As part of this, I've decided to invest a bit more time in learning RHEL5 -- we have a couple systems at Rockefeller, but not much in production yet, and now seems like a good time to dig in some more.

Fortunately, all the services I've been using on reppep.com are available on Linux (and FreeBSD), so aside from another incredibly inconvenient password change cycle (for which it is arguably time anyway), the switch should be largely transparent to reppep.com users, although I still have plenty of research to do.

A brief timeline of reppep.com

  1. 1999: I left the National Audubon Society, and bought the Power Mac 7300 with accelerator card I'd been using there. I set it up with LinuxPPC and Apache, and started offering free web hosting to friends & family. LinuxPPC was eventually discontinued.
  2. I upgraded from LinuxPPC to Yellow Dog Linux, which was better than LinuxPPC, but had serious flaws.
  3. 2001: I was working on a couple remote FreeBSD machines (as admin of the Info-Mac server, and a user on the Apache Software Foundation userhost), and decided to learn more; I bought a cheap Celeron PC and installed FreeBSD 4.3 (IIRC); I upgraded through about v5.1 and a Pentium 4 (giving the Celeron box to the Info-Mac Archive, where it became the Info-Mac server for a while). I learned a lot about FreeBSD and UNIX in general, but eventually realized I was investing more time learning FreeBSD than I could justify. The best thing about FreeBSD is not a technical feature, but rather that the user community is so rich with knowledge. Reading the FreeBSD-STABLE list was amazing, as there was so much depth, freely shared with the community. While running on FreeBSD, I added mail services to the web services I had been offering. Note: Disruptions to personal email service are much worse than problems with personal web service.
  4. 2005: It became clear that I needed anti-spam, so I began researching SpamAssassin. While I was figuring out how to build the SMTP sandwich, with a public untrusted Postfix listener on port 25 & 587, and a filter, and then a listener on a high port like 10025 to accept and deliver mail to actual users, I installed a beta of Mac OS X Server 10.4 "Tiger", which had the whole thing implemented, plus ClamAV as a bonus. I started testing heavily before the release, and switched to MOSXS 10.4 shortly after it was finalized. It's been very good, but as time has passed, I've had more and more problems. In particular, Apple chose to use Cyrus as an IMAP/POP server, and Cyrus is complicated, but Apple ignores the complexity; this can make troubleshooting impossible. The SpamAssassin installation is slightly broken; it's a bit too old to offer the newer SpamAssassin self-upgrade mechanism. Server Admin is great, but has a bunch of bugs around SSL certificates, some of which destroy the certificates. Blojsom was nice, but Apple's installation was very unstable; I eventually moved my blog to WordPress hosted externally.
  5. 2008: I intend to switch to CentOS 5.1, which is basically a (legal) no-charge clone of Red Hat Enterprise Linux 5.1. This should make future upgrades a bit more straightforward, as I won't have to deal with Apple's Open Directory (OpenLDAP); it will also give me a bit more experience with RHEL5, which is a better investment for my time than Leopard Server.

Thursday, November 1 2007

As a system admin, excitement is generally bad: HVAC Oops!

machine room pictures

So today they cut the wires to our main machine room's A/C. This occurred as part of the general campus work, which is why we were expecting to be out of our old machine room by now. Alas, the new machine room is not quite ready yet, so our primary systems were in a very warm room. It was a bit uncomfortable working there, although not too bad.

So around 3:30, my bosses (2) came over to ask me what could be shut down; in a perfect world, this would be just stringing a bunch of hostnames together, between "dsh -w" and "shutdown -h now" (for Linux) and "shutdown -y -g0 -i5" (for Solaris), from my desk. Instead I tromped over and started reading labels on servers (many of which were out of date -- now updated!), and deciding what we could do without, calling users to ask them which machines could be turned off for a while. We had my boss, boss^2, and boss^3, as well as a bunch of the Plant Ops guys and their boss.

After I'd shut down a dozen or so, they told us the A/C might be back within 15 minutes (hooray!). The first repair didn't hold (fuse immediately blew), but within 25 minutes we had (partial but insufficient) A/C, and I turned most things back on.

For a while we opened the door to the FDR drive, which cooled the room a bit. I got a few pictures of the drive and of blinkenlights.

Monday, October 22 2007

Rockefeller Updates

I stopped posting about the Super-Tent, because not much has changed since we moved in. I did get a bigger desk when Mark left Rockefeller, which matters to me but not much to anyone else. I have continued to take pictures of Rockefeller as the various construction projects proceed, though.

Wednesday, October 3 2007

Old School: Ancient UNIX

Rockefeller University, where I work, was one of the original UNIX sites. In 1975, Mel Ferentz held what was apparently the second UNIX users group meeting (it is not clear if he was one of the organizers of the first meeting, in 1974). Mel went on to build USENIX out of those meetings. He moved on to Rockefeller University soon after those first meetings; just before I started at RU Computing Services, Mel stepped down as Director of RUCS, and moved on to develop Internet2 at NYSERNET.

Last week, Mark Kowitz left RU IT (RUCS after a name change), where he had worked for 23 years. Mark met his wife, Robin, in RUCS over 20 years ago. I met Amy there too, when I started in 1992 (I left in 1995, and Amy left in 1996; I came back; she has not). While cleaning out his papers, Mark found some old documentation on booting UNIX on the PDP-11/70, VAX 11/750, and VAX 11/780, and passed it along to me. Mark doesn't remember whether he or Mel wrote the documentation, but it is visibly classic UNIX documentation (distinctive fonts and layout).

Ancient UNIX boot instructions

You can see some more about booting PDP-11 UNIX (in emulation) at Ancient UNIX, 8bitsunplugged.org Digital Archeology, and Amit Singh's GBA UNIX.

To give you some idea of how much water there has since been under this particular bridge, UNIX was first developed on a DEC PDP-7 in 1969. Digital Equipment Corporation was basically bought by Compaq, which itself was later acquired by HP. This version of UNIX contains a Western Electric license statement; UNIX was created at Bell Labs, which was jointly owned by Western Electric and AT&T. Bell Labs was later absorbed into AT&T, spun out as part of Lucent, and merged with Alcatel to become part of Alcatel-Lucent.

AT&T split off UNIX into UNIX System Labs, which was later bought by Novell. Novell sold much of the UNIX business to Santa Cruz Operation, which sold its UNIX rights and the "SCO" name to Caldera. SCO changed its name to Tarantella and Caldera transformed itself from a Linux company into a UNIX company named "SCO Group". Alas, Caldera didn't make money either way, and eventually sued the world -- IBM, Novell, various of its own customers, etc.

Along the way, several BSDs were created to provide an alternative to AT&T's UNIX, later providing a family of excellent UNIX-based operating systems (including the core of Mac OS X). In contrast, Linux was launched in 1991 by Linus Torvalds, born in 1969, the same year as UNIX.

Those little pages are quite a time capsule!

Another paper, by Dennis Ritchie: http://cm.bell-labs.com/cm/cs/who/dmr/cacm.html.

Friday, August 3 2007

Lots of Construction on Campus

The Super-Tent/IT Pavilion/Big Top/Big House fronts on the main RU parking lot, at the other end of which is the 66th St Gate. Except that after we moved in, they walled in the lot and started digging:

Parking Lot and Super-Tent

They still haven't started on Smith Hall, though, which makes me wonder why we couldn't still be in a proper building now. In the meantime, the main campus entrance and driveway are closed, along with the parking lot, under which a new electrical vault will be built. Getting around campus is much more complicated now than 6 months ago. This is especially true for IT, moving equipment around the tent, as the pathways and steps around the periphery don't quite work for carts.

Our new main data center is nearing completion. It was previously our backup/disaster recovery site, so needed a lot of build-out to fit the rest of our servers. The swap from the older/smaller UPS system to the newer/larger one will be tricky, as several live servers will be switched over while running. Later we get to swap systems end-for-end across campus, so the primaries are in the primary DC, once their current location becomes the DR site. Needless to say, most of our systems are not redundant, so there will be a bunch of minor disruptions.

Stu Cohnen

Stu, who is overseeing the build-out of what will largely be 'his' DC, showed me why Cat6A cabling is so much thicker (and thus harder to work with) than old-school Cat5 UTP ("Unshielded Twisted Pair") -- the internal copper wiring is twisted around itself many more times to reduce interference, and the whole thing is cradled by a plastic framework shaped like a plus sign. This framework is twisted as well, so as the Cat6A cables lay next to each other in cable trays, the individual conductor strands don't align with neighboring Cat6A cables, again helping to avoid signal transference between what should be independent connections. The idea is that in 10 years, when everybody is demanding 10GE connections, we'll be able to simply re-patch uplinks into 10GE switch ports as needed. Otherwise the rewiring would be painful for individual machines, and impossibly disruptive to do in bulk.

Unfortunately, the heavier-duty Cat6A is also heavier and bulkier, thus significantly harder to work with and slower to run. Each of the 24 new 42U racks is getting 48 runs, from 2 1U patch panels in each rack, back to 6 patch panels (96 connections) in each of the new network racks, where switches and other Cat5-based gear, such as terminal servers and KVM switches, will go. This is 1,152 new runs in addition to the slightly older stuff at the South end of the room, which is still our DR site during this construction.

My question is: How long will it be before we need more than 48 connections in a rack? Our non-blade Linux servers tend to have 3 Cat5 connections: Ethernet, serial console, and KVM; Windows systems don't need serial consoles, so they get 2. A rack of 1U Linux servers maxes out at 40 1U servers and 120 Cat5 connections, which just won't fly here. 8 2U Linux servers (24 connections) and 12 Windows servers (another 24 connections) fill a rack, meaning as time goes on and we are again someday tight for space, we might run out of network connections sooner. At that point we could put a KVM server in every third rack and reclaim a lot of cabling for Ethernet, but it violates our model of having everything run patched to the switch racks. We'll see what the world looks like when we actually get there...

I discovered yesterday that they're also simultaneously digging up the driveway between Founders Hall and Flexner -- not sure why, but it looks like pipe-laying for plumbing.

Trench between Founders and Flexner

Update: According to Stu, this is actually conduit for electrical wiring, from the vault under our parking lot up through to an electrical switching station in Flexner.

Many more RU photographs are up at http://www.reppep.com/~pepper/album/ru/

Thursday, August 2 2007

Shitty New York

Tuesday morning, Amy and I were walking to the subway together, and we saw this amusing sign:

Things to do this summer

I sent it to Heather & Sam, who run New York Shitty (she acid wit & poop snaps, he back-end hosting), and she liked it. Then Curbed picked it up, and it's made the rounds.

Friday, July 27 2007

Verizon USB720: Useful but Disappointing

After a week at the beach with a Verizon USB720, I've found it useful (neither of our home laptops has a modem, and there's no Internet access in our beach house), but very frustrating. Apparently the Novatel hardware includes a GPS receiver, but Verizon doesn't make it accessible (neither does Sprint, who offers the same gadget). The connection always comes up at 144,000bps, which is about what my ISDN modem used to provide -- somewhat better than double the speed of a 56kbps analog modem, but about 10% of my home DSL speed; I don't think they're allowed to call this "broadband" in most markets.

Downloading my email (spam) takes tens of minutes; Safari keeps timing out and telling me I'm not on the Internet because it's getting no response on requests. I find myself alternating between: a) connecting, starting a Eudora mail check and loading a bunch of Safari tabs plus a Plucker run, and coming back (much) later; and b) connecting, trying to use the Mac, and wanting to howl in frustration because I can't read my mail or web pages; I have to wait a long long time before the Mac has loaded the content I want. I keep finding myself reading a novel, while supposedly using the computer. At least Pattern Recognition is very good.

I've wasted several hours of this vacation waiting -- for mail or pages to download or transfer, for connections that were actually down, for pages that refused to load (again). Pfeh!

I keep getting disconnected -- perhaps half the time this includes a scary message about disconnecting a device and losing data, although that's not such a big concern as reconnecting lets the application retry -- this tends to sort it out, except when the connection doesn't have enough bandwidth to satisfy the pending requests. I get a new IP on each reconnection, though, which gets AIM in a twist.

On the other hand, I have to respect any operating system that considers it an error condition if Internet access is completely unavailable.

PS-Happy SysAdmin Day, folks!

Friday, July 20 2007

iPhone Observations

I had an iPhone on eval for a couple of days, and have learned many things.

iPhone VPN is buggy -- it only accepts numeric passwords (many people have gotten around this; mine hung when I tried), tends to forget them (these are well documented online). It's quite limited -- not compatible with RU's IPsec configuration (we could perhaps fix this if we weren't concerned about attackers using the VPN protocols); not compatible with our (preferred) SSL VPN. It's insufficient -- as Glenn Fleishman pointed out for Macworld, the iPhone won't store multiple IPsec or multiple PPTP VPN configurations, and cannot be configured to always reconnect to VPN when moving between networks.

The iPod functionality doesn't support shuffle by album! It's only by song (which I don't like).

Several people have complained that the iPhone doesn't work with their older earphones. I was pleasantly surprised that it works with my older Apple iPod In-Ear Headphones, although unfortunately it doesn't accept the higher quality UltimateEars 'phones Amy and Julia gave me for my birthday. Most earphone cables have a thicker area around the connector for grabbing to extract the 'phones, and Apple recessed the jack without leaving enough room for those 'handles'.

I thought I could just dump the full-quality MPEGs from our TiVo onto the iPhone, saving the considerable H.264 recompression & scaling time, but they don't work. On the other hand, Dr. Who at 480x320 looks and sounds great. As I try them out, though, I find myself cursing whoever decided not to show file suffixes on the iPhone, or in iTunes, or in the error messages that a file can't be transferred because it's the wrong type. Okay, but which one??? I have a .mov, a .mpeg, and a .m4v -- which is the tall one, which is the good one, and which won't go??? I've made some guesses based on graininess and proportions, but they are guesses, and I shouldn't have to rename the files and spend a few hours transferring and deleting and retransferring to discover what Apple refuses to tell me.

It's great that the iPhone can display PDFs, but annoying that it seems they must be received via email or accessed in real-time via a website.

Pinching doesn't work well one-handed. I tend to spend 2h+ per day walking around or sitting with my Treo 650 in hand, reading or watching video. It's easy to use my thumb to drive the iPhone (or hit keys on the Treo), but no pinch. So to zoom I bring my other thumb to bear, which doesn't work terribly well. Also, due to its size and slipperiness, the iPhone is harder to hold. I dropped it within 24h of getting it. I know the screen is bulletproof, but not the back. I can see marks on the bottom black and the top silver. This is minor, but how many times will I drop an iPhone during its 2-3 year lifetime?

It's annoying that movies must be manually selected in iTunes before they will sync over.

I wish I could set a home page; I have a list of links, and have to keep telling the iPhone to go there. I understand the desire to avoid a heavy page load on connect, but we should be able to have a home page (perhaps even a local one, or start with the Bookmarks list). A wiki would be even better for this; perhaps I'll set up a private one after I get a real iPhone, someday.

Despite the claims that iPhones don't have scrollbars, they actually do. As you flick-scroll through a long document, the iPhone shows a small dark grey proportional scrollbar to give you a sense of position within the document -- a welcome aid to navigation, since when reading there's no indication of how far down the page you are.

I think Apple overcommitted to the "real" Internet in your pocket (meaning something very like Safari on Mac/Windows). Comparing reading the same pages between the Treo 650 and the iPhone, the iPhone was actually inferior. The page loading was slower, since each page had to be downloaded; in contrast, Plucker documents are already in flash, although the CPU can take a few seconds to render them. The iPhone renders all the images, even though on many sites they're purely advertising. Here's a case where Apple's delivering on their claims, but it's a bad thing for usability; a setting (ideally per site) to skip images would be a boon.

Plucker reflows paragraphs to fit the narrow screen width; this works well except on rare pages with hard-wrapped lines. Mobile Safari tries too hard to keep the original web page's column width, meaning many pages are either too tiny to read or can only be read sideways (scrolling twice per line is a non-starter). There's no reason to slavishly honor web designers' specifications for width on a new platform with such different characteristics than these sites were coded for -- perhaps if the iPhone finds an iPhone-specific style sheet its width should be taken seriously, but most web sites just assume 1024x768 or better, and the iPhone suffers needlessly when it tries to play that game. In fairness, some sites, like The Onion AV Club look much better on the iPhone, but the news sites I mostly read don't.

I'm disappointed by the iPhone's font rendering. I can tell it's using 'real' fonts, but anti-aliased Gothic 18 on the Treo is crisper and more readable.

Additionally, when reading web pages and email, you almost always want to scroll a full page. Safari tends to scroll half a page, or a page + 2 lines, or a page down and 1/4" to the right. It's erratic enough that I spend time looking for the last line I read, which is a recurring waste of time. I see that the iPod is trying very hard to respect what I did, but I shouldn't have to start at the bottom, drag to the top, and watch how far it went. I should just make the "scroll" gesture and it should Do the Right Thing, since WIM is obvious.

I do like that (unlike the iPod) the iPhone is usable while plugged in, and can always be disconnected quickly (the iPhone Dock connector doesn't lock like the iPod connector); this is partially because it's not accessed as a hard disk, and partially because people like to charge their phones but still need to answer (make) calls. In contrast, iPods are largely superseded by iTunes and speakers on the computer they plug into.

Bug or design flaw? With the mute button engaged, iPod mode still plays sound on videos. If I have mute engaged, the speaker should be off. Not "only on for those things Apple believes I probably really want to hear anyway", but off. I haven't checked YouTube.

Speaking of which, it's ironic that a small screen with a relatively slow CPU and network connection is such an excellent YouTube device, but that will remain true until Google makes the H.264 streams available through their normal website.

I haven't really used the MobileMail. The PIN isn't adequate security, so I've only trusted it with my unused .Mac account.

I haven't used the calendar much -- I'm working under some unusual constraints, and 2 days isn't enough to switch myself to looking at the iPhone for calendaring, but I find the absence of Week view inexplicable.

I haven't used Visual Voicemail! Rockefeller has a (poor) Windows-based voicemail app which I use sometimes, either to avoid switching headsets or for better control than button mashing. Interestingly, Apple's iPhone implementation looks substantially better, despite the physical constraints. I always knew the app stunk, but apparently the modern ones are all purely Exchange based. Perhaps we'll see some improvements in this area.

Here's a silly one: the iPhone gets dirty so easily that wiping it off wastes a few minutes each day. I have better things to do with my time than polish an (admittedly beautiful) Apple iPhone. Watching video is the worst, since the controls are all onscreen and don't work well with fingernails. After picking a video and hitting Play/Pause a couple times, it gets notably harder to see.

Video controls are poor. They're hard to hit, don't always trigger, and accelerate as you hold them down. The result is that by the end of a commercial break, once I see the show and release, the iPhone has jumped substantially past the end. Then I go back, and often have to watch the last commercial again (3x total: once fast forward, once fast backward, once normal forward) to get to the resumption of the program. Dragging the time slider is way too imprecise. These are fixable in software, and hopefully they will be soon.

Thursday, May 10 2007

RU Pictures, May 9th 2007

I took a bunch of pictures at RU today, including some of our DR site being expanded to become our primary machine room. Lots of AC & UPSes going in. I even got my father and Stu (Data Center Manager -- he gets an office outside the Super-Tent!) in a couple.

Dad & Stu

Saturday, May 5 2007

Canon hates me -- and I'm not impressed either

We just got a Canon imageRUNNER 2880i copier in the Super-Tent (the old copier died, and this one's smarter). It has an Ethernet connection and a phone line, so can be used as a smart fax machine & scanner, and accessed via email.

Sounds great! I'd love to be able to send & receive faxes from my desk, and it's half as far from my desk as our primary printer (oscar, as in "The Grouch"). Amy had desktop faxing with RightFAX at Debevoise, and it was quite convenient.

I tried to print, using the generic PS driver. Instead of a 2-page document, I got 34 pages of PostScript code -- this is what happens when the printer treats a PostScript job as an ASCII lpd job, but it's annoying and wasteful.

So I went to Canon's download page http://www.usa.canon.com/html/download/irc2880.htm; spent 10 minutes figuring out which versions were current and which were old; and then grabbed their current PPD, Mac PS driver, Mac UFR II driver, and Mac Fax driver (in BinHex format -- how quaint!). I have no idea what "UFR II" is, and their documentation provides no clues, but I guess it's their private page rendering language, since it appears to be a peer of their PS driver.

I installed all four drivers (they wanted me to reboot 2-3 times during the process -- I declined), and tried to print. Bang! Application quits. I tried again. Bang! I could kill any application (including Safari, BBEdit, TextEdit, and Console) by simply attempting to print -- instead of a print dialog, the application vanished in a puff of invisible smoke.

So I uninstalled all 4 drivers (they did provide an uninstaller). I rebooted. I tried again, still no joy. I sent a bug report to Apple, but I assume this is Canon's fault. Apple should program defensively -- counting on printer drivers to behave properly is just begging for trouble -- but really, this looks like Canon's problem.

I deleted all the printing prefs I could find, and even moved aside the Canon drivers & PPDs (presumably from the Tiger installation, since Apple provides a set of Canon drivers on the DVD), but no joy.

I sent a note to Canon's tech support department, and got back a response saying "We value you as a Canon customer and appreciate the opportunity to assist you." It also said "You will want to contact your dealer/reseller for any technical or hardware support on this unit."

Well, no. If I wanted to contact our reseller, I would have done so. I want to contact Canon, whose name is on the stupid thing, and whose driver is crashing my Mac -- I can't even print to the HP any more. But despite claiming they want to help me, they refused, point blank. Feh!

The only bright spot is that after an Archive & Install and a large raft of patches from Apple (since the Mac Pro came with 10.4.8), I can print again -- at least to the HP LaserJet. I was afraid whatever was causing the crashes would be carried along with the Archive & Install, but fortunately it wasn't. In an hour I was back in business, and I was able to do other work while the computer crunched on the reinstall.

The fly in Apple's A&I ointment is that it disabled sshd! Remote Desktop & Personal File Sharing were still active, but I had to manually re-enable the "Remote Login" service. Predictably, I discovered this when I was elsewhere and needed access to my Mac.

Tuesday, May 1 2007

Moved in

We're all in here. When I got in we sat on our desks, waiting for computers and chairs to arrive; now most things are unpacked and stowed. Storage is about the same as the old space. Temp is fine. Noise is definitely worse, but it wasn't great on the old space either. We'll see.

One nice thing about the Super-Tent: I got 3 gigabit Ethernet jacks. Copying a 4gb Parallels VM from Mac Pro to a first-gen MacBook Pro took 2:42 (using cp over an AppleShare mount), at 206mbit/s. The same copy to a Samba/Linux share failed (likely due to an invalid filename), but cp of the equivalent tarchive took 4:42, at 118mbit/s (apparently the tent's uplink is busy).

My workspace

Monday, April 30 2007

Macs Moved

As described in Major Mac Movements, I did a lot of computer shuffling recently. On Sunday night I moved my gigabit Ethernet switch to our private home network, which was much easier than I expected. I labelled all my Ethernet cables (the longest part), then plugged in an 8-port 10/100 switch, moved all the cables from the 8-port 10/100/1000 switch to the new one, and moved most of the cables from the Linksys WRT54G's 4-port switch to the (now-empty) GE switch.

Now network transfers from the PowerBook to the www (PMG4) max out slightly over 100mbps, and will get substantially faster when I upgrade the PowerBook to a MacBook Pro, and also in the fall when I swap the PMG5 in to become www.reppep.com.

Everything is done except the TiVo swap, although I may have to send the MacBook Pro back to Apple from work because the brightness still flickers, and will see if the 23" CD continues to flicker in the Super-Tent.

Friday, April 27 2007

Super-Tent Move Has Begun

The IT Office staff has moved, along with management. Most of the UNIX Systems Group moves Tuesday. It's not a happy thing, although we're hoping for mitigating factors.

Just in time too -- this place is falling apart around our ears. A heavily used door is broken, the bathrooms are broken (broken toilets, a flood, and an ant colony). The copier broke and has been left behind. The new bathrooms have no urinals; we'll see if that has a significant impact on cleanliness.

Furnishings are not great; the monitor arms don't quite fit under the task lights; the new locks are different than the old ones, so while we had the same key for desk/cubbies/pedestal before, the old pedestals can't be keyed the same as the new desks/cubbies. I've been offered a new pedestal, so I wouldn't have to carry more keys, but the new ones are smaller...

We're refusing furniture to have more floor space, and various things are now inconveniently farther away.

We're out of boxes already, and I haven't packed up (although I have gotten rid of some stuff).

Hopefully Monday will be less busy than today, so I can pack!

Our office, from above

Monday, April 23 2007

Power Mac G5 Is a Busy Little Beast

Friday night I got 2 750gb hard drives for the Power Mac G5 I brought home from work. I was very impressed by the elegance of its hard drive bays (which have since been replaced by carriers in the Mac Pro), and it's much faster than anything else in our house (until Amy gets her MacBook tomorrow -- that might be faster), so I'm doing a little iMovie work on it.

I've installed Leopard Server several times already, having some trouble with networking/naming, largely around the fact that the Power Mac has an internal hostname & IP, an external hostname & IP, and a DNS hostname for the external IP which didn't agree. Mac OS X Server is picky about hostnames & IPs, and ironically this weekend I found and fixed a similar problem on my PMG4, which dates back to when it became the production (www|mail).reppep.com (shortly after 10.4.0 [Server] was released); I noticed the old name kept showing up in odd places, and now I know why. changeip is your friend.

I just checked, and I have sent 24 messages to Apple since Friday night; probably 1/4 are updates for existing reports. Most of them are about very small points.

The new box will be a Leopard Server testbed until it's released, and then the production (www|mail).reppep.com, with much more disk capacity and general "oomph".

For the stuff I had planned a week ago, I've done most of it, but the TiVo isn't connected yet (it's sitting under a table waiting for me to take the time, but the APExpress is ready to go); Amy's MacBook arrives tomorrow, and I just sent my original MacBook Pro to Apple to get its backlight fixed and perhaps battery replaced; once it's back I am considering sending the new 23" CD in to have its backlight replaced, as it's got an annoying flicker in the lower right quadrant.

The rest is done; I can now post images to Julia's site at 100mbps from my PowerBook, rather than AirPort speeds, and I am considering moving the GE switch to the inside, since that would let the PowerBook run at full speed (and most bulk transfers are between it and the server), and obviously the front side of the network is throttled by our 3mbps/768kbps DSL circuit. But it requires me to use different names for everything to get top speed and bring an old 100mbps switch back online, so I'm not hurrying to implement. I can see the GE is working, though -- I just moved a 1.35gb iMovie project from the PMG5 to the PMG4, and it peaked at 300mbps, averaging half that. After I invert the network I'll see if the PBG4 can do faster transfers than the PMG4.

I decided to hold onto the Dell PC, since nobody else wants it and it's a fine machine for XP or Linux; I'll just leave it in a corner until I come up with a worthwhile use for it.

It's very nice to have an iPod on the stereo again.
