Thursday, July 30, 2009

GPS and Paper Maps

When I grew up, we didn't have personal GPS devices to help us find our way around town, or even MapQuest or Google Maps. We used maps on paper and our brains to find routes. In first grade, I even remember a brief unit on learning how to use a grid-based paper map (although I had already learned how to navigate a few years earlier using the maps at home). Basically, navigating worked something like this:
  1. Pick the map for the region

  2. Look up the street names in the index

  3. Go to the indicated page number and/or grid number

  4. Find the street in the grid and trace it to your desired location

  5. Repeat for the other point of interest and connect the dots

It seems, however, that not everyone can read maps anymore...

For the record, I usually use non-GPS-based computer mapping programs, but often like to retrace the route on paper and build my own alternate routes based on that. I do not own a GPS navigator (yet).

John Doe and Musicians

It's a real John Doe, even if it was an accident.

This is something I'd like to see sometime, for now the video will do: Glass harp player brings Old Town alive

Monday, July 27, 2009

Johns Hopkins Internet Connections

Most higher education institutions (i.e. universities) have connections to both the commodity Internet and the Internet2 research networks. I was browsing around the JHU IT website when I happened upon this IT newsletter from 2004. It seems that during the summer of 2004, Hopkins upgraded its Internet2 link from 45 Mbps (which is what TJHSST still has today; few high schools have a connection to I2 at all) to 1000 Mbps. That's quite a jump there! The regular internet connection was also bumped 20% to 110 Mbps.

Today (well, as of last winter), Hopkins has a 1.1 Gbps commodity internet connection. The primary I2 link remains at 1 Gbps, but there is an additional 10 Gbps link for Physics and Astronomy, probably because Hopkins houses ground control for the Hubble Space Telescope.

For those not familiar with Mbps and Gbps, let me put it this way: a home DSL connection in the Northern Virginia area is typically 3 Mbps, cable internet is 10 Mbps, and fiber optics (FiOS) is 15 Mbps. And those are download speeds; upload speeds at home tend to be slower than download speeds, whereas enterprise internet connections (like those used at corporations and educational institutions) run the same speed in both directions.

Healthcore Costs, Doctors, and Salaries

There have been some interesting articles recently about health care. The point about the value of prevention is an old one for me, but the salary vs. fee pay system for doctors was something I had not heard about before. I'm not sure which is better since my experience in comparing the two is limited, but I think what any healthcare reform needs to boil down to is patients first, not profits. I'm not going to deny that the limited sources from which I read these articles may provide a biased view, but it seems that in the cases presented, improving patient care led to a reduction in healthcare costs, without cost savings being a primary goal.

NYT: Getting Good Value in Health Care
NYT: Hospital Savings: Salaries for Doctors, Not Fees
NYT: Forget Who Pays Medical Bills, It’s Who Sets the Cost
The New Yorker: The Cost Conundrum

Saturday, July 25, 2009

Bears and Your Food

From the New York Times: Bear-Proof Can Is Pop-Top Picnic for a Crafty Thief.

My two favorite quotes:
  • "But wildlife officials say that Yellow-Yellow, a 125-pound bear named for two yellow ear tags that help wildlife officials keep tabs on her, has managed to systematically decipher a complex locking system that confounds even some campers."
  • "BearVaults, one of several canister brands, are favored by many backpackers because they are light and can be opened with bare hands; most others require a coin or screwdriver."
    (Bear hands?)

Snail Mail

It seems that USPS mail volume has declined significantly in recent years. Combined with the struggling economy, the article claims the USPS is "looking to cut home mail delivery from six days a week to five." Feels like as big a change as switching from 7 to 10 digit phone dialing was back in the 90s; an inconvenience that most people will get used to eventually.

Zero Gravity Coffee

This is pretty neat:
Astronaut demos drinking coffee in space
(Thanks to a fellow blogger at for the tip!)

Friday, July 24, 2009

You Get What You Pay For - Promise Technology RAID Arrays

TJHSST's Computer Systems Lab has a student systems administrators program, of which I was a participant during my time there. The "sysadmins" run production systems that support core school services such as student e-mail, the student Intranet, and the main website. The program is very fortunate to be able to use a part of the school's IT budget to purchase equipment to support these services; there was once a day and age when this was not so and the hardware ran ancient. So of course, in trying to be good stewards of the privilege, we try to find good deals on hardware that we are after. But in some cases, we learn the hard way that cheap hardware is cheap for a reason.

Enter the Promise VTrak M310i storage array.

On paper, this product looks great. It's cheap and comes with hard disk carriers so you can buy your own hard disks instead of being tied down to overpriced OEM disks. It supports everything that we want it to do. But at the end of the day, the on-board disk controller is unreliable. Maybe that's because we are using it with Solaris systems. Maybe it's because we're trying to use it more as a JBOD than a RAID. Neither of those are legitimate reasons, though, since the product advertises support for iSCSI, and allows you to create a JBOD configuration. If you claim to support an industry standard protocol or claim to be able to do something, there is no such thing as "it should work with this OS but not that one," or "we support this but not the very specific way you're doing it." There is a reason some things are called standards. Whatever the reasons, though, we are now stuck with a product that fails erratically; sometimes only a few days pass between failures, and sometimes a couple of weeks do. What we'd like now is a JBOD (no RAID controller to fail) that we can just put these disks in. However, to buy a good product from a Tier 1 vendor means that you can't just put your own disks in, and we aren't in a hurry to part with the disks that we already bought. Or at least with Sun's J4200 JBOD array, the product is new enough that it's hard or expensive to get the needed parts from the aftermarket. We've tried complaining to Promise and asking to get our units exchanged for their JBOD models, in hopes that they would work better since our units are still covered under warranty, but last I heard was that we'd gotten nowhere in trying to do that.

On a related note, we recently attempted setting up a donated Promise SuperTrak RM8000 RAID array. It has a decent amount of storage, but we were disgusted after spending 5 minutes trying to configure it. Apparently the product lets you accidentally create an invalid configuration using its non-intuitive interface, then has no way for you to delete it. It's possible there is a reset-all button hidden somewhere on the device, but we haven't had time to look for it.

So while Promise seems to have been slowly improving their products over time, I cannot deem their budget products production-worthy. It's possible their more expensive enterprise-class products work okay, but I can't speak to those. And before you say "upgrade the firmware", the product should at least work before it even ships. Blatant bugs like these show what seems to be either poor engineering or a lack of sufficient testing. And to be fair to the engineers, it could as well be a failure of management. A BlueArc storage product I've worked with had some issues that, after conversing with some of their engineers, turned out was a result of having the product rushed to market.

What is our solution? We don't really have one yet. We'll either wait until aftermarket parts are both available and affordable, or we'll just have to fork over additional money to buy a fully integrated and tested product. So much for trying to save some money. What I do know is we won't be buying a Promise product again anytime soon.

Keywords: Promise VTrak, storage array, review, SAN

Thursday, July 23, 2009

Google Voice + Gizmo = Free VoIP

I don't have an invite...yet. But I am sharing an account with a friend, and I have to say that, despite some privacy concerns, I expect to be using Google Voice in the future. The main reason is that I don't have a cell phone. Yes, that's right, I don't have a cell phone (not yet, anyways). Last year, I purchased the SkypeOut unlimited calling plan at $8 per 3 months while I was at Hopkins so I could call home and friends. However, with Google Voice I can now make calls for free within the continental United States.

But wait...Google Voice connects two phone endpoints. I have a Bluetooth headset that I can use with my computer. So I can use Skype for free PC to PC calling and Google Voice for free phone to phone calling (dorms have phones that are free for campus and incoming calls). But what if I want PC to phone or phone to PC, if only so I can use my headset? As it turns out, Google Voice can interoperate with the Gizmo SIP protocol. A Gizmo5 account can be used as a Google Voice phone endpoint, and has a Skype-like program that runs on Windows (and other OSes too).

Gizmo5, however, doesn't have a Windows Mobile Pocket PC client. However, it is SIP-based, so any SIP client can interoperate with Gizmo5 accounts. I found that the only SIP client to work decently on my Windows Mobile 6.1-flashed Dell Axim x51v was SJPhone. (If you use it, there is a caveat. The PPC 2003SE version doesn't hog the CPU like the unstable/beta for WM5 does, but the little notification message for incoming calls doesn't have buttons for Accept or Drop Call like the WM5 beta does. I went with the 2003 version, and mapped those two functions to hardware keys, since the only other way to answer a call is to enable automatic answering. It does, however, mean that those keys don't launch their usually mapped applications while SJPhone is running.) To dial using Google Voice on my PDA, I can either use Google's mobile web interface or the 3rd-party iDialer application (check out the companion iContact too). The latter is a little nicer to deal with, but if Internet Explorer is not the default browser on the PDA, it doesn't work. It's also a little buggier than the web interface sometimes.

But otherwise, I seem to have found a decent and free Skype-replacement for calling regular phones. The only other missing feature now I think is the lack of support for my special headset features (answer call, hang up, redial) that Skype supports.

Poor Password Practices

When you use an online service, you can pick as secure a password as you want, but you're putting a lot of trust on the other end to handle it securely as well. There are a few things that some websites or applications do that are insecure. Apparently it's bad enough to lead to this breach of security. There are at least three things that you should be wary of:
  • The ability to recover your current password. This means that your password is stored in clear text instead of as a non-reversible hash (yes, in most places, the systems administrators CAN'T actually get your password out of a database). This is different from being able to reset your password.

  • Use of secret questions and answers. Or rather, choose them wisely. Some of those questions can be answered by someone other than yourself. For instance, mother's maiden name is often a poor choice for a lot of people. Keep in mind that the answer doesn't have to be related to the question; as long as YOU remember what the answer you put in is (for example, you could put in the name of your elementary school when asked for your pet's name).

  • Passwords that are e-mailed to you. Did you know: e-mail is not considered secure? (It's about as secure as logging into a website without SSL.) In addition, if your password can be e-mailed to you, then the first bullet in this list is probably also true. If this happens to you, delete the e-mail with your password in it, change your password to a unique or throwaway one, and contact the website asking them not to e-mail out passwords.

Tuesday, July 21, 2009

Parallel Programming in High School

Intel recently made a press release regarding a program they are hosting at Brooklyn Technical High School. To the question in the title: Are High School Whiz Kids Ready to "Think Parallel?", I respond with a resounding YES! But perhaps that's just where I'm from. My high school has offered at least one course in parallel computing every year (formerly called "Supercomputing Applications") since the late 80s, it seems, and even the introductory computer science course that I took there went a bit into threading, if not the other more advanced aspects of parallelism. It probably helped that we had a supercomputer on-site for a large number of those years (and still do today, although it is largely obsolete). We very recently built a modern x86 cluster, and have also been using NVidia graphics cards to cover GPU programming using CUDA since last year. In any event, I'm glad to see that more technical high schools are covering parallel programming, especially today when even a laptop typically has two CPU cores.

EDIT: For those nitpickers out there, my mention of threading was meant to say that if you don't understand threading, you probably won't understand parallel computing either, since in my opinion, threading is a simpler related concept.


I've heard experience described a number of interesting, yet true ways. I came across this quote on the storage-discuss mailing list today:

"Experience is the comb you get after your hair falls out."

Interesting, don't you think?

Monday, July 20, 2009

Single Individual DNA Differences

Here's some interesting research about differences in SNPs when DNA is sampled from a different tissue in the same person.

The Cost of College

...or, rather, the extent that some will go to. Colleges are trying to get a sense of who you really are, not a figuratively PhotoShopped version of you. Yet some seem to be making a living off people who want to do just that: Before College, Costly Advice Just on Getting In .

Reminds me a bit of an experience that a friend told me about. During a high school visit to Hopkins, he overheard someone else in the group talking about how he was sure he was going to get in because he was participating in all the "right" activities. To me, that seems to be the wrong approach...I certainly hope the admissions counselors saw through it.

Solaris vs. Linux

I found an article that makes a good point about using Solaris and Linux. I happen to agree with it 99%. See the article, which I originally found from another blog.

Thursday, July 16, 2009

Things Money Does

Don't make dares you don't intend to keep: Attorney's Million Dollar Dare Comes Back to Haunt Him

Sometimes it's possible to buy a continent at a gas station: Glitch hits Visa users with more than $23 quadrillion charge

Microsoft Uses Sun Ray

Microsoft recently released a white paper titled "Virtualizing Windows on Sun Ray Thin Clients at the Microsoft Enterprise Engineering Center", available here. Even Microsoft uses Sun Ray (albeit with Windows).

Wednesday, July 15, 2009

Sun KCA 2009

Sun's Kernel Conference Australia seems to have some interesting sessions.
Not in Australia? Not a problem! There is a live feed of current session and recordings of previous sessions. Sessions are primarily Solaris/OpenSolaris oriented, but there are a few that involve Linux and BSD.

Source: The Blog of Ben Rockwood

Many Links, 2009-07-15

In United States news: Paulson admits bank merger threat. Apparently Paulson thinks that deciding not to take on assets that would hurt a company's financial interests has "no reasonable legal basis and which would show a lack of judgment." I assume, of course, that BBC is not misquoting him.

In Northern Virginia news: Faith, and Friendliness, Helped in Hostage Crisis

Technology and healthcare: Cisco, UnitedHealth team up to build a national network for virtual doctor visits

And finally, a look back in time at internet technologies:
CompuServe, Prodigy et al.: What Web 2.0 can learn from Online 1.0

Monday, July 13, 2009

Thin Clients and Ultra Thin Clients

There's a distinction made between fat clients and thin clients, but a lot of people overlook the difference between the different types of thin clients. For instance, Wyse thin clients aren't as thin as Sun Ray thin clients. The former run embedded versions of operating systems, while the latter runs a firmware. Sometimes, Sun Ray-types are referred to as ultra thin clients, which is probably where the "ut" prefix on Sun Ray commands comes from. The security track record of Sun Rays are also comparably superior. Wyse thin clients, on the other hand:
'Secure' Wyse thin clients vulnerable to remote exploit bugs

Bank Insanity

Something's not right here:
Al Lewis: Wells Fargo Bank Sues Itself -

One Year After Terry Childs' Arrest, IPSec VPN Security

He's still in jail, actually, going through a number of hearings. There have been a good number of analyses about the topic, particularly on Paul Venezia's blog and some of the links from it, so I won't reanalyze it here. But I am reminded of a huge security mistake that the prosecution had made, yet I feel very few people realized the implications.
Just prior to Childs' arrest, I had been working on implementing an IPSec VPN that would work with the built-in firmware VPN client on Sun Rays. This meant all the settings had to be compatible with Cisco EasyVPN (doing so was harder than it sounds). Since IPSec is so complicated, I'd been doing a lot of research on the topic at the time. When news broke that the prosecution had entered a list of VPN passwords Childs had kept into public evidence, I had an understanding of what exactly those passwords were for. Those passwords were what are known as "pre-shared keys." If you want to set up a Cisco IPSec VPN, both sides of the connection need to have a shared secret string. These were the passwords that the prosecution had supposed were other users' personal passwords that Childs was keeping so he could impersonate them. But as a systems administrator, I knew that knowing these passwords were essential to properly configuring Cisco IPSec VPN devices. In addition, these keys encrypt the user-specific password that gets passed over the network. You see, for Cisco IPSec VPN clients, you need two passwords: the pre-shared key, which only the administrator and VPN program are supposed to know (but is easily decrypted for human consumption), and the user's personal password. The former is used to encrypt the latter. After both passwords are accepted, additional encryption is negotiated.
What this means is anyone with the shared secret key is able to obtain the user-specific password if they have a network dump of the VPN traffic while logging on to the server. Where I implemented the VPN, I was able to mitigate this risk by assigning each user a unique key, but in most legacy Cisco deployments, everyone has the same key. That these keys were posted online meant that during the time between the document becoming public record and when the city of San Francisco IT realized that the VPN server was insecure, hackers may have been able to extract users' passwords. Based on news sources, though, it seems San Francisco was lucky enough to have avoided that consequence.

Saturday, July 11, 2009

Screen Candy

Back in the old Windows 95 days, when I was but a wee child in elementary school, there were a handful of fun screen candy applications. One of them was Neko, a cat that would chase your mouse cursor around the screen. I rediscovered it online here, but since that's a Geocities site, and Yahoo! is shutting down Geocities later this year, it's nice to know that has a copy of the site.

There's also Screen Mates Pumpkin and Sheep. They walk around your screen and use window edges as platforms. Here's a site that seems to have downloads for them, although it says Orange instead of Pumpkin (the original Japanese website for Screen Mates no longer seems available). I think my copies of the programs are from the days when floppies were the way to share programs :)

The Sad State of Networked File Systems

When it comes to networked filesystems, you pretty much have three choices: CIFS, NFS, and AFS. We won't talk about others here, such as Lustre, Gluster, other cluster-based things. CIFS is mostly for Windows, and NFS and AFS are mostly for *NIX systems. CIFS and NFS are strictly over the network (i.e. if you're on the fileserver, you don't have to use a CIFS or NFS client to read the files), while AFS additionally maintains its own on-disk layout (you need the AFS client, even on the fileserver).

Naturally, NAS appliances tend to use CIFS and NFS. The appliance can maintain its own on-disk layout, and just about every client is covered by exporting CIFS and NFS. Yes, I know Windows can also do NFS and *NIX can also do CIFS, but if given a choice, what would you choose? That's to say they don't do them very well.

CIFS on Windows just works. It's a kludge on just about anything *NIX, though, at least when you start supporting multiple users. Plus using symlinks means the server has to be very specific in implementation. Most appliances don't support CIFS symlinks, and symlinks are a *NIX user's friend. Okay, moving on.

NFS just works, until you want to start enabling security features, namely NFSv4 with Kerberos. Now it only works for the most part. On Solaris or Linux, you edit a file to enable Kerberos features. But on Linux, you also need a client keytab, and then find out that the GSSAPI credentials context (basically the authorization to NFS derived from your Kerberos credentials) stick around in a way that they shouldn't (at least on Ubuntu 8.04 and 8.10); they don't go away like your Kerberos credentials do when you log out.

AFS is it's own little monster, but on Solaris and Linux, it works pretty well. So you conclude that for Linux, AFS is your best option if you want reasonable security and features. And it usually is. But that's sad. AFS works pretty well on Solaris, too. However, you can't do AFS in combination with CIFS because of the on-disk layout, and the AFS client on Windows leaves much to be desired in its current state (I'm not very reassured by the list of bugfixes for Windows that are listed for each new release). In time, AFS on Windows might be something desirable.

Windows: CIFS. Linux: AFS. Solaris: NFS, AFS. Well they say you can't please everyone. I guess they're right. We'll see where the future goes...perhaps Linux NFSv4 with Kerberos will get better, AFS on Windows will be stabler, or Microsoft will make NFSv4 work really really well on Windows.

Microsoft Shenanigans

Over two years ago, I was playing with the the Microsoft Office Outlook 2003 Business Contact Manager. I decided to uninstall it since it wasn't something I was going to use. Now, as it were, BCM uses Microsoft SQL Server. When I finished uninstalling BCM, I got this friendly reminder:

Microsoft just admitted that its own products are a security risk?

Yesterday, I noticed that Google and Microsoft seemed to have entered a new partnership as well...

For those a little more behind on the times, Bing is Microsoft's latest attempt at a search engine.

Friday, July 10, 2009

Sun Ray 5 EA 1 GUI Firmware -- Update

One of the Sun Ray engineers responded to my question regarding the new Advanced options. I realized what "Video Input Disable" was last night before reading his reply, but basically on some models of Sun Rays, there is a source button to switch to using the Sun Ray as a monitor for another device. In some cases, this is problematic (for instance, when using Sun Rays as kiosks, or in places where users are apt to press random buttons to get things to work). I wonder if the option would be more aptly named "Source Button Disable" instead, since initially I thought "video input" was referring to the composite video in port on Sun Ray 1 models.
The Fast Download apparently improves tftp firmware downloads over high latency connections. I've found that firmware downloads in the default mode over my home broadband connection are reasonable, though, so I don't have a strong reason to test this feature now.

Ice Cream Trucks and License Plates

Every so often you see something that makes you smile. Walking home from the bus stop today, I passed a parked car with a license plate "HIHIHIH". A few months ago, driving through my neighborhood I saw a car with the plate "LUL WUT". And longer ago I overheard an ice cream truck in my neighborhood playing Tetris Rock on its chimes.

Thursday, July 9, 2009

More Sun Ray Software 5 EA 1

A couple more hours of evaluation and a lot more to report!

Adobe Flash HD
This time I used the 2009 JHU Commencement highlights video, after clicking the little HD button. The size of the video on-screen was approximately 896x504. Here's a table again:

TestBW (Mbps)CPU (%)Quality
WinXP/off1540Very Poor
S10/Firefox 3/Flash 92540Poor

So even with HD YouTube, the enhancements help a lot, especially in reducing bandwidth used. However, this time it couldn't match MPlayer's playback quality.
According to a post in this forum thread, Flash enhancements for UNIX are coming in a future release. Hopefully that's sooner rather than later.

Soft Client on Linux
It works with Wine on Linux. I couldn't test it with Wine on Solaris 10 or OpenSolaris, and the way I tested it on Linux meant that I couldn't check if sound worked, but otherwise it seemed to work pretty well.

New GUI Firmware Options
There are at least two new options in the Advanced menu; these are ones that I took note of because it's not obvious to me what they do, and the documentation only lists them but does not describe them:
  • Enable Fast Download

  • Video input disable
Hope Sun updates the documentation soon so we figure this out. I've posted a question on the Sun Ray forum as well to see if I can get an answer.

REAL BONUS - new X extension: XRender
I have to say REAL here since last time I said BONUS, it turned out that it was in the SRSS 4.2 What's New list, but not in the SRS 5 What's New list (see the edit that I made to yesterday's blog entry). This time, I'm much more sure it's not obvious from the wiki docs. The only place it's mentioned is in the man page for utxconfig (and the corresponding version included on
By default, the XRender extension is not turned on. You can turn it on for your token by running "utxconfig -n on", then logging out and back in. I have no idea how XRender support will affect performance of apps like Firefox on Sun Ray (Cairo uses XRender), but what I do know is that KDE 4 should now be usable! Over a year ago, I compiled the base libraries and desktop for KDE 4.0.5 (with QT 4.3.3). I logged in to see how well it was working, and I was not impressed. The desktop was very ugly and the Logout button didn't even work! (There's a screenshot linked to from this forum thread, but the link seems to be dead now.) I abandoned ship and waited. Today I pulled out that archived set of packages and it works great! As it turns out, the logout button fails if XRender isn't present.
A KDE developer had previously suggested to me compiling QT 4.5 with -graphicssystem raster to work around the lack of XRender. I never got a chance to do this, so I don't know if that would perform better than letting it use the new XRender extension. With the QT and KDE that I have now, running over my desktop icons rapidly and continuously results in Xnewt usage of 50% CPU and plasma process usage of about 35% CPU, as well as a bandwidth stream of 10 Mbps. Contrast that to about 30% CPU usage of the Xorg process when I used KDE 4 from the VirtualBox console (plasma CPU usage was comparable). It's possible a newer QT and KDE, even with XRender, would do better because of optimizations made to the code since I compiled it. I don't know whether raster would do better or worse though. I do know that someone on the SunRay-Users list had tried QT-raster on Linux and found it unusable since QT made the assumption that the color mask on the X server was RGB, instead of querying and determining that Sun Rays actually use BGR. It's possible this issue would not appear on Solaris.
To get a more objective idea of how XRender actually performed since one of the Sun Ray engineers had mentioned on the mailing list that the feature would be kept in for release if it performed well, I downloaded render_bench and ran it against both the Sun Ray and the X console running in VirtualBox. The first time I ran it on the Sun Ray, the X server crashed or reset for an unidentified reason before the test completed. The second time, the test completed without incident. I found that off-screen XRender and Imlib2 tests were comparable between the Sun Ray and console, but that for on-screen XRender, the Sun Ray took 5-12 times longer to complete the test. Subjectively, though, it still looks pretty good.

This ends my formal testing of EA 1. I will make another post if I find another hidden new feature, or have an update on something else I've already blogged about. Otherwise, we wait for EA 2!

Wednesday, July 8, 2009

Sun Ray Software 5 EA 1 First Impressions

After several hours of testing, I've got a somewhat lengthy initial evaluation of two of the major new features: Adobe Flash enhancements and the Soft Client. I don't have Windows Server 2008 that I can play with, but I trust it just means that some extra QA testing has gone into making the Terminal Services Client play well on 2008, as well as added support for multimedia features. With that said, a quick description of my testing setup:
  • Windows XP laptop (ThinkPad T61, Intel Core 2 T8300 dual core CPU, 3 GB RAM) -- doubles as both the Windows Remote Desktop server and the host for the Solaris 10 VM. The Soft Client was also tested from here.

  • VirtualBox (3.0) VM running Solaris 10 Update 7 and SRS 5 components (32-bit, 2 VCPUs, 768 MB RAM)

  • Sun Ray 270

Adobe Flash acceleration
Short comment: It works great!
Long comment: Flash (while limited to IE 7 and 8, sizes less than 1024x768, and Sun Ray 2 series DTUs) has been brought up to par with other video enhancements already made in earlier releases. Here's a table of bandwidth and CPU usage, as well as perceived quality of a particular YouTube video. For those interested, the video I used was the NewsChannel8 story on the TJHSST Sun Grant. Perceived quality was differentiated at about 0:51 (video of walking across the room). CPU usage only accounts for the Xnewt (X server) process, and in the case of Windows sessions, the uttsc process as well. For the WinXP lines, the word after the slash is the argument passed to uttsc. Off equates to how performance was before SRS 5.

TestBW (Mbps)CPU (%)Quality
S10/Firefox 3/Flash 94070Better

As with a lot of the other multimedia enhancements, Sun Ray 1 series DTUs don't fare as well. While I haven't actually tested them in this case, according to the documentation, WinXP/FlashAll isn't even an option there. Now...if only video on *NIX could get some love, too. But, as Sun once told us, most of Sun's Ray customers use Windows, so that's where most of the engineering effort goes these days. Oh well. C'est la vie.

Soft Client
Short comment: It works! Needs some polish and advanced features, but otherwise works!
Long comment: To get the soft client to work, remember to enable "Software Client Access" from the administration GUI or set a utpolicy that has "-u pseudo". You also need to be using the EA version of SRSS as older versions don't understand soft clients. I initially overlooked these two requirements and almost passed the Soft Client off as not working.
The overall experience was comparable to that of a hardware DTU (even sound works!), although the performance in some intense cases (i.e. video) seemed slightly inferior. This is surprising since the Soft Client is running on my comparatively powerful Windows PC, while the Sun Ray has a little 4 watt embedded CPU. Of course, the DTU firmware has probably been significantly optimized. Note that I was able to test the Soft Client with a fully powered Sun Ray server (Sun Fire X4150, 8 core Intel Xeon X5460, 24 GB RAM), although only over my home WAN connection (DSL, 3 Mbps downstream). I don't know how well it would do in a LAN environment with that same server.
What is missing is hotdesking and support for non-Windows! Actually, I think hotdesking would work with NSCM, but I have my own reasons for not using it where I work. Having said that, Soft Client tokens can be registered just like other smart card and DTU pseudo tokens, so by setting up alias tokens, you can effectively use the soft client to attach to an existing smart card session, enabling hotdesking without NSCM! It'd be nice if the Soft Client could offer to present different tokens to the server though, since as a systems administrator, I've got about 5 different smart cards that I use (one for each FOG, redirected using AMGH). But for most people, the default of one token should be fine.
The Soft Client is Windows-only...but it shouldn't be too hard to port to *NIX! In fact, if you look in the installation directory, you find none other than GTK+ libraries. GTK is widely used on *NIX anyways, so I guess it's just a matter of customer demand. Personally I'd find a Linux version very interesting, since it then opens up the possibilities of building a Sun Ray netbook (the existing Sun Ray laptops don't impress me all that much in terms of battery life and lacking a middle mouse button, as well as lacking other modern laptop features).

BONUS new security feature: Client Authentication
It's in the docs. It's in the administration GUI. It has new commands and man pages to go with it. But it's not listed on the "What's New" listing! I won't say too much more here since the official documentation explains it pretty well. Perhaps Sun wasn't all that ready for it yet; the docs on the new for it even have colored notes left inline for documentation editors to address.

That's all for now, folks. More to come soon :)

As a footnote to help un-confuse some things, SRS 5 includes SRSS 4.2, SRWC 2.2, and Soft Client 1.0. SRS refers to the entire suite and stands for Sun Ray Software, while SRSS stands for Sun Ray Server Software.

EDIT 7/9/2009 11:56 AM: Client authentication is listed as a new feature in the SRSS 4.2 docs, but not in the SRS 5 docs.

Sun Ray Software 5 EA 1 Announced

Sun just publicly announced the Early Access 1 program for Sun Ray Software 5 beta on the community SunRay-Users mailing list (at! Key features listed in this EA are Adobe Flash enhancements for Windows sessions, Windows Server 2008 support, and a new Sun Ray Soft Client. The announcement also mentions that EA2, due later this summer, will feature USB redirection for Windows sessions.

While it's not Adobe Flash enhancements for UNIX, it still sounds like an exciting release which I will be sure to test!

The program officially starts at 3:00pm EDT today. Details and the original announcement can be found here.

Monday, July 6, 2009

Warm and fuzzy news

CNN has a nice article up:
Stolen wallet found in cherry tree after more than quarter century

It's not often you read good news these days :)

Sunday, July 5, 2009

Financial Aid and the Economy

No, I'm not talking about the numerous congressional bailouts that have been taking place within the past year. I'm talking about something a little less aid programs for college students. Financial aid programs are great since they give an opportunity to those that are economically disadvantaged to pursue a higher level of education. But there's an irony to these programs and how they may be impacting the economy.

Say what you will about our economic problems, but it is difficult to deny that debt is not a significant, if not primary, cause of economic troubles not just in the United States, but in many other nations. The federal government is deep in debt. Individuals are filing for bankruptcy and foreclosing on mortgages. But wait! These days, what's usually the first time a person finds themselves in debt? Isn't it during the college years, either from paying tuition or spending more than one has via a credit card? And then financial aid comes around and tells us, "Okay, you have a big house that you barely own, not much in savings or investments, and a couple of kids in the family off of two sources of income. You sound like you could use some help."

And then the other guy. A family that knows how to save so losing a job doesn't mean losing the house. Doesn't indulge in buying a new car and computer every year just because it's the latest and greatest. The mortgage on the small but sufficient house has nearly been paid off. All-in-all financially responsible. Financial aid: "You get nothing. You'll give us everything you have before we help you out."

Wait a sec...if you're financially responsible, you have to pay through the nose for college, but if you live paycheck to paycheck you get lots of help? Granted, this statement doesn't cover everyone. There are those families that are very well off where the kids can be sent off to top notch colleges and the parents can retire and still have extra leftover. There are also those that suffer financially through no fault of their own and really could use the help. But that group in the middle...what's going on there?

I really don't know what to do here. I have no better solution to this potential issue. But it's something I think is worth pondering.

As a footnote: I do not intend to offend anyone by writing this, but there is just something that bothers me a bit when I think about the system that compels me to share my thoughts, disorganized or poorly expressed though they may be.

Wednesday, July 1, 2009

People that can read

I'm generally a very patient, calm, hard to stress person. However, a pet peeve that I have is when I have to repeat myself. Especially in writing. Specifically, I'm referring to a number of support cases that I've been filing with Sun. With a number of them, when the assigned support rep contacts me, I feel like they haven't read anything that I've written beyond the title, and that answering their question would just be rewriting my detailed problem statement. Now, granted, I'm generally very happy with Sun (Oracle?), and I'll give the benefit of the doubt that maybe this somewhat new Member Support Center makes it difficult for techs to read the problem statement, but really now. It'd be so much easier if you would just read the problem statement that I already spent time writing and then work from there. I would like to thank those techs that DO read my entire submission and subsequently are able to bring the service request to a quick resolution. Hopefully Sun will be able to address and correct whatever issue there is here.

RIP AvantGo

A few weeks ago AvantGo announced that it would discontinue providing mobile content on June 30th, 2009. For those that didn't use a PDA in the early 2000s, AvantGo allows you to sync online content to mobile devices for offline reading. Despite wireless data connections via cellphone and proliferation of WiFi networks, I've still found a use for AvantGo. I'm not always online, and AvantGo is handy when I'm using public transit (whether it be a school bus or taking Metro to an internship or to volunteer at the hospital). The content is also formatted nicely for mobile devices, so even if I do have a wireless connection, sometimes I'll use AvantGo anyways. Besides that, I don't have a cell phone (yet), and even if I did, it's not likely I would purchase an expensive data plan.

Strangely enough, with the disappearance of AvantGo (which predated the proliferation of RSS, mind you), I was hard-pressed to find a new alternative. However, I was very lucky to find mDigger. mDigger is in many respects similar to AvantGo, although it also has a Windows and Mac client. Much of the content offered is similar, although mDigger doesn't have everything that I used to read on AvantGo, nor does it seem to have as much complexity in channels (mDigger calls them mclips). For instance, with AvantGo, you can save your ZIP code in the channel and it will always sync your weather. News channels also have multiple levels of nesting. With mDigger, only one level of nesting is there and I have to pick a specific mclip for my weather region (in this case, Washington DC). But my favorite change in going to mDigger is that it's actually FAST when it syncs! I think AvantGo may have been that fast when I used it back in 2002, but something happened and the service became sluggish and prone to spitting out errors (this despite have switched from dial-up to broadband). mDigger, like AvantGo, supports adding external RSS feeds. Unfortunately, there's no link traversal for feeds so feeds that only have headlines and short summaries aren't very useful for me (this is the same reason I didn't just pick an RSS reader). mDigger also doesn't let you add any old website that you want, although I admittedly rarely used that feature in AvantGo.

All in all, I think mDigger is something I can get along with. But as for AvantGo, RIP.

Useful Laws and Other Random News

Some interesting news in the Washington Post today. Fairfax County seems to be talking about reinstating the decal because of budget deficits...despite the decal just having been eliminated a few years ago (the article says 2006). Also, apparently the "I Voted" stickers were cut from the budget :(

In better news though, starting today Virginia drivers can't legally text or read e-mail while driving (how is that even possible to do safely, in any sense?). There's also supposedly a new law in Maryland that'll promote bookstore competition in regards to buying textbooks; colleges have to provide information to allow students to shop around, as it were. I don't know how that'll be different from what I do now, since the Title, Author, and Edition of the books is already available. It would be nice if the ISBN number were released though.

The law that I'm most excited about is the smoking ban in most Virginia restaurants that goes into effect on December 1st. It's already illegal to smoke in Maryland (or just Montgomery County?) restaurants, so this will be a welcome change at some of the restaurants I go to. Smoking areas don't usually work all that well, but apart from that, lines should get shorter too (smoking areas tend to be underseated).

Ailing Budget May Lead Fairfax Back to Car Tax
Prohibition On Texting By Drivers Starts in Va.; State, Md. Plan To Launch Other Laws Today, Too

Hello, World!

So I've given in...I'm blogging to a directory for now since I don't have a real blog nor the motivation to set one up right now. EDIT: Those entries have been moved here!

For those of you that don't know me, I was a 2008 graduate of Thomas Jefferson High School for Science and Technology. My most significant contribution during my time there is probably the Sun grant that I wrote with Trey Repetski. In any event, I'm now an undergraduate (rising sophomore) at Johns Hopkins University, pre-med and majoring in Biomedical Engineering.

Despite this being my first blog post, I will probably make some posts in the future that predate this one just for sentimental reasons or whatnot. I don't know how I plan to backdate them just yet though.