I wrote myself a little letter to commemorate 2002, which I spent with Dan, briefly. I've lost the letter, since, but the gist is thus: we went and saw Bryan at the columbarium at Arlington Cemetery, and it was perhaps the most intimate moment he and I have ever shared. We talked about XML, we talked about how so many people were dying in so many wars that Arlington Cemetery is being expanded. In fact, they're tearing down the barracks behind the USAF Memorial (although we didn't know this at the time).
On Friday, I received an offer letter to go work at a research institute, doing far less stressful things than I had been doing in the past (although I may get to do some red-teaming on the feds, which is always fun). They were in a hurry to get me to start. So Friday being the 7th, they wanted me to start on the tenth. Sandy came back from Cupertino this weekend, though, and while it wasn't all bucking like funnies, we certainly had no reason to check the mail, email or otherwise. I got the offer letter on Sep 10. I thought to myself, oh, well, I'll just call and we'll start tomorrow.
Oh, shit. It's that day again. Another year has gone by, and the smell of JP-8 from my apartment, the fire trucks and the gigantic hole in the Pentagon have faded. The Humvees with 240 Golfs (I don't think they were fifties, but then it was a long time ago) have gone from the city. We've really all forgotten the intensity of the moment, and what it meant (I suppose the people that perpetrated the act have also lost some of the immediacy of the act and perhaps forgotten what they were trying to achieve, instead just wreaking wanton destruction on their own people). Most of us don't live in 22202 or 22201. Maybe the rest of the world has forgotten already and it's just another "day that will live in infamy." We've got 12/7 and 9/11. But they're just days. How many people go and sit in a columbarium, or place flowers at the headstone of an eighteen-year-old on these days (you can find the ones from 12/7 at Arlington, too).
As Dan and I left Bryan's plaque at the columbarium, we didn't have much more to say. It had only been a year, and both of us were incredibly morose. A flight of Vipers flew overhead, in the missing man formation, low and incredibly loud over the 5gon. The wind picked up, and the fountain in front of us sprayed us both with a modest amount of water, but enough that we got wet. Dan looked at me, with a sort of a smile, one I don't think I'll ever understand. A smile that betrayed something of a broken heart, and at the same time of hope.
He said to me, as he removed his glasses to get the water off them, "It rained the day of Bryan's funeral." Rain, the vipers, water from the fountain. None of it is really related, but when you're reaching, when you need things to mean something, when nothing else makes sense, there's comfort in these random happen-stances. Dan, who reads this, and will probably remember as I do, probably doesn't realize that the time we shared that day was one of my most cherished with him. Time doesn't heal all wounds, but having friends like that helps a lot.
It rained viciously last night, and continues to rain today.
11 September, 2007
28 August, 2007
Well that's interesting
Other friends, say, not so for them. Emotional turmoil will slow down the writing, or change it. But, apparently, my internal world is pretty solid. It chugs along no matter what's happening in my own life. It's probably why all the people that try to make analogies between my life and Anita's always amuse, or puzzle, me. For another writer, it might be analogous, but it just isn't for me.
Laurell K. Hamilton, purveyor of fine pulp-vampire-romance-and/or-lesbian-love books, reports that her emotional state doesn't affect her writing, and further, that she has an acquaintance for whom the same is true. What I find strange is that there are people who apparently cannot write when their mood is "down", or the opposite of what they want to write. I suppose this can mean a number of things:
- I'm a terrible writer and/or nothing like successful writers.
- I write very dark books
- I am generally in a very dark mood (along with the above point)
I generally cannot write unless I'm in a pretty foul mood (this, to a point that my wife has started treating my greeting of "I started writing again!" as a warning sign). This may be because the first thing I wanted to write was a very unpleasant book about death, war, and failure. As I look through the stack of work I've started, there's only one thing that could be considered sort of happy, and even that is a happy story about being undead.
This is irritating, primarily because my being in a foul mood negatively impacts my marriage and my work life. I tend to not say hello to people, not acknowledge hello's, work odd hours, and get sick more. But golly, I hate what I write when I sit down and force myself to write. It's the stuff that comes out after I've had a multi-hour-long nightmare or I'm recovering in the hospital that I look forward to reading. It's written better, with more, you know, feeling.
I haven't cited Charlie in a little while, but in his discussion of how Accelerando came to be, he mentions it was a particularly shitty time for him in dot-com land. One has only to read the book to realized that Manfred is generally not a happy dude, and his ex-wife Pamela are not especially happy either. Going down the line, neither Amber nor Sirhan are happy people, either (one can even bring up Sadeq and his deeply neurotic self-hatred; however one cannot discuss same without a discussion of deeply neurotic islamic self-hatred, and that's not anything I want to discuss publicly). Was such a novel — to my mind, a magnificent novel — composed when Mr. Stross was all fluffy bunnies and just-from-the-dryer socks? It seems to me, probably not.
Glasshouse was not quite so bleak. In some ways it was, in the same way that Banks' Excession was (with respect to the GCS Grey Area a/k/a Meatfucker or perhaps Use of Weapons', uh, Chair Incident). However, it lacks some of the hopelessness and shaking-fist-at-god (little g, not big G) that Accelerando had. So it seems to me that perhaps an author is somebody who was initially motivated by enough heart-or-ass-pain to sit down and pound out a few hundred pages, but when they've finished, the pain or whatever diminishes to the point that they are able to operate as an author with less of it. I know the process from page 0 all the way through finishing the book forced me to be a better writer. Perhaps it is after that point that writing something that is more classical and less about angst becomes easier, and possibly something one wants to do. It's certainly not for the money.
27 August, 2007
Cops, again
This time, the DCA Transit Police:
Listen, you and I both know your car didn't come with that loud muffler and spoiler package. I'm not going to give you a ticket today — be quiet! — but you get out of here!
I offered to drive him to the dealer. I got out of the car to pop the hood and show him that red intake manifold and intercooler that also obviously didn't come with the car. I reached for the owners manual. At all points, I was stymied. Don't you dare tell me the truth, citizen, while I'm busy slapping my nightstick across your face! Makes me sick. This and Mr. You're-Going-To-Prison make me wonder why I ever had any faith in the police at all. Not that Alexandria PD and the DC Transit police are exactly shining examples of provincial authority. It's just that I kind of expect them to try not to suck. This stupid-and-proud business is more befitting LAPD than what are ostensibly police in one of the country's oldest cities (or, indeed, the country's capitol).
22 August, 2007
Whither thine superuser?
I have recently been discussing with an employee of a company based in Cupertino the difference between "root," "super user," and "administrator" users both in general, and as they apply to MacOS X, and also to Unix. It's important to note that all three are separate. General would include the administrative users on a local Windows machine, as well as an administrator in Active Directory, in addition to the Administrator on a MacOS X box. They're all different of course. But what's been bothering me is the sort of sleight-of-hand Apple is pulling with its documentation. To whit,(via) and also:Administrative Accounts
Although the root account is disabled, Mac OS X establishes an admin user account when the system is first installed. The admin user can perform most of the operations normally associated with the root user. The only thing the admin user is prevented from doing is directly adding, modifying, or deleting files in the system domain. However, an administrator can use the Installer or Software Update applications for this purpose.
Any user on the system may have administrative privileges, that is, there is no special need for an account with the name
admin. Admin users gain their privileges by being added to theadmingroup; non-administrative users belong to thestaffgroup. An admin user can grant administrative rights to other users of the system using the Accounts pane of System Preferences
Resetting an Administrator Password
Using the Mac OS X Server installation disc, you can change the password of a user account that has administrator privileges, including the System Administrator (root or superuser) account.
(via) again.
But, as anyone can see:
The progression here is as you would see on any stock, standard installation (note: I have installed the dev kit, but I doubt that bothers /etc/sudoers). When I open a new terminal, I am the alex user. We see the % prompt, which is standard for zsh non-super-users. I issue the command sudo su -, which essentially says, "make me uid 0 (zero), and run through that user's login process [e.g., run their .profile]." We see that the machine does as I ask after I issue alex's password, not root's. This is verified by the root# prompt, where the octothorpe (#) is the standard Unix convention for "you're root, please don't fuck things up."
The next command is a little more (or less, depending on your familiarity with sudo(1) [hm, section 1 of the manual is for binaries, which is where sudo should be, but it's been stuffed into section 8, which is for miscellaneous stuff. So here, I've said (1), but it's really in (8). Behold: No entry for sudo in section 1 of the manual] ) subtle. Instead of asking sudo to become root, we ask sudo to give us a shell. Now, we see again the octothorpe, but we don't see the prompt from before, gordon:~ root# . This is because we did not run through root's login process. Root, on Darwin, is given the shell /bin/sh. This shell, which is actually bash hiding in disguise,
gordon:~ root# cksum /bin/{,ba}sh
1901100275 1068844 /bin/sh
1901100275 1068844 /bin/bash
gordon:~ root# ls -la /bin/{,ba}sh
-rwxr-xr-x 1 root wheel 1068844 Dec 13 2006 /bin/bash
-r-xr-xr-x 1 root wheel 1068844 Dec 13 2006 /bin/sh
is different from alex's shell (zsh) [hi, nate], as we can see from niutil (ordinarily, we'd use /etc/passwd, of course, but OSX has this fancy netinfo garbage that hides things like that from us):
gordon% niutil -read . /users/alex | grep shell
shell: /bin/zsh
So anyways, what we've shown is that an ordinary "Administrator" (in Apple parlance) can become the super-user quite readily. Apple's documentation states that the simple Administrator is able to change parameters on the machine (and shut it down, eject/unmount devices, and so on), but cannot, for example, see files in other users' home directories. This is not the case. At all. It's misleading at best and devious at worst to suggest that having a differentiation between uid 0 ('proper' root) and a user who is enabled in sudoers with the keys to the kingdom:
gordon% idThat ALL keyword being of course key. Administrator users are put into /etc/sudoers with the rights to do anything they please on the machine. This means the literature, as I said, is wrong, misleading, and probably intentionally so (as Apple has kind of struggled to keep a toehold in the DoD space, which has certain strictures). As I teach a class on the STIG, I can kind of understand why they would make this fallacious logical distinction between uid 0 and "regular Administrator users," but of course, as an instructor I find it reprehensible that they blur the line so, and I have to help somebody who works with Macs understand this. Mainly by this giant rant. But that's beside the point.
uid=502(alex) gid=502(alex) groups=502(alex), 81(appserveradm), 79(appserverusr), 80(admin)
gordon% for group in `groups`; do sudo grep $group /etc/sudoers ; done
%admin ALL=(ALL) ALL
Since I want to distinguish here between Apple's terminology and Unix terminology, let's continue a little here.
In Unix, we have non-zero users, and we have root. Technically, there can be more than one user with uid of zero, but this is generally frowned upon (the Seebass/Nemeth/et al book being just one to warn against this). Users with an id of zero are allowed to rape, pillage, raze, ransack, and even mount volumes on Unix machines. This is sort of the achilles heel in Unix security, and one thing that Microsoft (and recently, even Sun) have rightly attacked. We can give non-root users the ability to execute programs (typical examples being ping(1) and traceroute(1)) as root, by creating "set uid" variables. These programs, when they launch, they become the uid of whichever they're set to, including 0. They are of course security risks, and frowned upon, because as I have said, once you've become root on Unix, it's game over. That user can do anything. This is changing of late, and Unixes are starting to get ackles and arbacks and things like this. The good news is it's generally pretty hard to become root, but the rule of thumb is, once they get onto the machine, they can pretty much become root through surreptitious means with impunity. The goal is to keep them off the machine entirely.
Windows is a little different, and this is largely owed to its torrid tryst with DEC VMS. Windows also has two kinds of local users, administrators and regular users. There's finer granularity than there is with Unix (or, for that matter, MacOS X), with the ability to restrict the administrative privileges of some users to specific things (I don't have an exhaustive list; finding one would be fruitless as it changes per release). The notion, though, is that with a big, mean operating system like VMS, designed to run on gazillion-dollar, building-filling VAX machines, you want to have Joe from one department able to remove tapes (and I mean tape, like big round spools, not DDS3 or LTO) or connect/disconnect devices, but heavens to Betsy, don't let him turn the machine off, the whole company would fall over. And so on. It's worth noting that sudo kind of replicates this granularity (but of course, sudo itself has been compromised more than once, and is itself a risk).
Users can sometimes be everywhere at once, or get from one place to another with little difficulty.The next level of user resides in a network directory. Well, usually it's on a network. It can be built on a local machine. Examples of this are LDAP and Active Directory, Kerberos, NIS and NIS+, and of course NetInfo on the Mac/NeXT machines (which is a level of abstraction Apple could be whoring up, but doesn't, I suspect, for fear of scaring sysadmins like me. I really want to be able to grep myself out of /etc/passwd, and can't with NetInfo. Or maybe they've realized that NetInfo kind of sucks and they're going to replace it with LDAP or something else sensible....). Anyways, the notion here is that I tell my machine here, let's say my laptop, that when it gets a request to authenticate, say from me, that it's going to take the tokens I gave it ("alex" and "PAssw0RD"), and hand them to some server somewhere else that tells it (the laptop) whether it's okay to permit me access to the machine, and what sort of permissions to give me (and where my home directory lives and other various and sundry things like this).
So we have this sort of "network-level" administrator, as well as the local administrator. In some of these systems, after we've told our machines they have a network directory of users, they disallow local logins, including the ever ebullient Macintosh. If you join a Mac to Active Directory, only an administrator in AD can actually un-join it because it is (properly) refusing to allow somebody to circumvent the permissions in the network directory (although this, too, is get-around-able).
Network directories are applicable to every kind of operating system I've ever worked with, and have evolved from the days of Cutler and Knuth and all those old farts to the current, sexier, more complicated, but still vulnerable systems. Basically, the new ones have GUIs, and the old ones didn't.
But none of this forgives Apple. Apple has distinguished between a super-user and a super-user by a trick of vocabulary, and it unnecessarily confuses their users and ostensibly their employees. It isn't hard to say "users on the box with admin privileges are root, they own it, etc", but it kind of makes it sound dire to give a user Admin privileges. I'll finish this somewhat longish rant on privileges with an anecdote.I was teaching a course in Virginia Beach when a Navy sysadmin of twenty years kind of raised his hand and suggested to me as I was giving roughly the above lecture, "You know, you paint kind of a dire picture. Is it really that bad?"
Yes. It's that bad. Your box is probably owned. You probably did it. And if it isn't, it will be. And, it will be because you didn't understand your own permissions model, probably because your software vendors have so confused the issues you can't understand how to securely and safely administer your machine.
20 August, 2007
A translation for the rest of the world:
Prosecution: We are invoking the DMCA because this man has used surreptitious means to defeat our software and defraud companies of $largesum.
Defense: You are invoking the DMCA because it's cheaper than admitting your "copy protection" amounted to leaving your house key in your mailbox and was cheaper than engineering a proper (and complicated, and expensive) intellectual property protection package. What you had sucked, I showed you that, and by the way, I do own what is on my computer (this is why the Party Van can come get me if they find loli/cp/jb on my computer – it's my cp).
"legally murky waters" indeed.
(via)
Defense: You are invoking the DMCA because it's cheaper than admitting your "copy protection" amounted to leaving your house key in your mailbox and was cheaper than engineering a proper (and complicated, and expensive) intellectual property protection package. What you had sucked, I showed you that, and by the way, I do own what is on my computer (this is why the Party Van can come get me if they find loli/cp/jb on my computer – it's my cp).
"legally murky waters" indeed.
(via)
19 August, 2007
Teaching with emphasis
What the fuck, people? This position isn't going to pay more than $85,000 a year. In fact, that's probably the high end of the range, with $65,000 being the bottom. Yet, the position is for an assistant professorship. You're a lackey. For two years. With no benefits. They want somebody highly qualified, which is reasonable, given what they're doing, but they're asking for such a specific skill set that they can't possibly get anyone less than either a doctorate (they do suggest this) or twenty plus years in both chemistry and computer science. Somebody who's going to know Lisp, data architecture, probably filesystem mechanics, and who also understands the chemistry industry from an extremely technical point of view.Computational Science Research Assistant Professor
The Computational Materials Science Center seeks a highly qualified computational scientist. The computational scientist will be responsible for design, implementation, and maintenance of data mining and knowledge discovery tools for chemical structure, chemical compounds and properties databases.
The ideal candidate will have an advanced degree in computer science or a Ph.D. in a chemistry-related discipline with significant computational experience, including machine-learning methods, database management and Web interfaces. Experience in cheminformatics, chemical database formats and chemical structure analysis is a plus.
Applications will be received continuously until the position is filled. Qualified candidates should send their CV containing a detailed description of their computational skills, relevant computational work done, list of publications and contact information for three references. Applications should be entered online at http://jobs.gmu.edu by selecting "Computational Materials Science Center" in the department menu.
The position is for two years. Salary will be commensurate with experience, but will not include benefits.
Are they looking for somebody retired? Are they looking for somebody who has all these skills but who, for some reason, is unable to pull down the $150k they'd make elsewhere? I really fail to see how anyone could want this position. I mean, sure, they'll probably do great stuff, but being a toady, losing your funding in two years, and "your" work actually being the work of the tenured prick who you actually work for.
They're a good university. I've said before, and I'm sure I'll say it again: I love teaching, but holy cow is the pay shit. The more I look for a teaching position these days, the more I also find that they have a wholly unrealistic impression of the candidate base (or they're raping grad students; equally possible), and they're not really interested in doing anything but rubbing their academic squishy bits against themselves.
They have so many positions that are assistants to assistants to the semi-provost of the director of human information definition center. I mean, shit that just makes my mind boggle. There are no, as far as I can see, positions that look like:
Instructor, Undergraduate, Programming
Masters degree or ten years industry experience preferred, in addition to pre-vetting by tenured staff of computer science department. Must be able to teach C, Java, and Lisp from provided materials. Additionally, incumbent will be expected to create curricula as required. Strong familiarity with Unix, Windows, and other operating systems required, as well as the ability to teach from any of the above platforms.
Certifications from professional organizations, such as the CISSP or RHCE, will be considered as qualifications and favored on submitted curricula vitae, however interviews with faculty and teaching ability will be given higher preference in hiring.
Now, that looks a lot more like an industry posting than one of these stupid academic postings, and I'm not really sure where the discrepancy comes from. Given it's a teaching position, I'd expect something like $62-97k, depending on experience, for the position. And it would be a full professorship, with tenure at ten or fifteen years. And for heavens' sake, fucking health insurance and life insurance for the new prof.
So, what in the hell is wrong with academia that they can't figure out how to hire people or even train them? We get a new MA or PhD or even just somebody with an AA, and it takes them four fucking years before they're worth a shit. And yet, academia wants more of the same academic fuckers that created the useless twits coming out of colleges today. Seems to me if academia started looking for the people that were, you know, already spun up, that they might be able to produce students who were more useful.
btw, hi Cheryl.
17 August, 2007
Offline and alive
I am offline because the open wap I was stealing bandwidth from has lost its upstream connection. Despite my best efforts (default passwords, natch), and adding in an airport extreme as a WDS remote base station for signal strength, I can't get it to route for shit. So everyone on the network can see everyone else, the signal strength is fine, but the packets aint routed. Anyways, this means that if you try to email me, and I do love me some emails, I will only get the email when I am out somewhere poaching bandwidth. The same goes for instant messaging and things like that.
I am also having something of a disagreement with AT&T about my phone. I've got like 3 minutes left on my plan and they keep sending me these goddamn SMSs telling me that, and how wonderful it would be if I would cut out my spleen and give it to them. Since the spleen stays in me, and since AT&T can go fuck themselves, this means even if you call my phone number, you will probably not reach me.
Lastly, people have been somewhat concerned about my health given certain images which have surfaced, my multiple recent visits to the emergency room (not related to said pictures, mind), and my "we're arresting you oh okay, you can go with the paramedics" incident that fucking everyone knows about. I. Am. Alive. Offline, irritated, depressed, and doing absolutely squat other than playing Final Fantasy (how the fuck do you kill those goddamn elementals?), but Alive. I here provide photographic proof.
I am also having something of a disagreement with AT&T about my phone. I've got like 3 minutes left on my plan and they keep sending me these goddamn SMSs telling me that, and how wonderful it would be if I would cut out my spleen and give it to them. Since the spleen stays in me, and since AT&T can go fuck themselves, this means even if you call my phone number, you will probably not reach me.
Lastly, people have been somewhat concerned about my health given certain images which have surfaced, my multiple recent visits to the emergency room (not related to said pictures, mind), and my "we're arresting you oh okay, you can go with the paramedics" incident that fucking everyone knows about. I. Am. Alive. Offline, irritated, depressed, and doing absolutely squat other than playing Final Fantasy (how the fuck do you kill those goddamn elementals?), but Alive. I here provide photographic proof.
13 August, 2007
Look, ma! Backup superblocks!
Given it's 640GB and USB2, it churned for quite some time. Note, however, the "classic" backup superblock of 32. One wonders exactly what Disk Utility.app was thinking when it initialized this drive.
Using newfs(1) is probably not the recommended method per Apple, but it looks to me to be a lot safer than their idiotproof clickety interface from Disk Utility. I wish Apple would provide a "... so you're using a UNIX workstation" guide with their computers. You know, when SGI sold Octanes and Fuels and even the Indy's and Indigo's, they distributed both the "how to use from the front end" guide and the "how to use from Unix" guide. That is, you could manage your Octane from the gui, or you could go roboinst and friends.
There's no reason the two have to be exclusive. Even the developer tools (and we developers ostensibly are capable of using you know, newfs) don't include a comprehensive manual for the Unixy end of things. Sure, there's a manual included (see man(1)), but it's not only woefully lacking in places, it's wrong – dangerously wrong – in others. I might be willing to chalk this up to there being a large degree of churn in their Unix backend (e.g., the default shell changing, versions of perl, various netinfo tweaks, filesystem changes – hfs to hfs+case – and so on), but it's just amateur. When I write code (and this isn't to say I'm the standard by which Apple should measure their operating system), I write the documentation first (this is a technique I learned from a guy named saucepan on perlmonks) and make sure that the code fits the documentation and not the other way around. Now, I was doing this years and years ago, but I understand it's now a sort of design paradigm, so I'm not so special as I was back then. However, back in 2001, people looked at you like you were some kind of loon if you wrote docs before code because, well, how could you document something that simply didn't exist? Anyways, I digress substantially. The point here is that Apple could be writing the documentation for their systems and binaries as they are developing their systems and binaries, rather than just wholesale importing them from 4.2BSD (as in the case of newfs.)
Documentation is actually pretty cheap to produce, especially when compared to what it saves you down the line. In this case, I'm bitching about a flaw in their product. In other cases, I might decide that I am simply not going to buy an XServe for my next webapp project because their Unix support sucks. All they'd have to do to fix it is have each developer who is responsible for their neck of the binary woods (e.g., I'm the guy responsible for find(1), therefore I need to make sure it behaves the way the manpage says) sign off on the documentation. In the event they find a discrepancy, while this would seem like a pain in the ass to somebody who was naïve, it's actually a blessing. If you find a bug in your documentation, it probably means that your programmers are assuming that their APIs or binaries are going to act one way when they're really acting another. This is how we get the "grey screen of death" on the Mac.
So here's a question that's not addressed in the newfs manpage: does newfs create an ffs filesystem? Or maybe ufs? HFS? HFS+? Maybe HFS+ with case sensitivity? It's entirely unclear. My guess is that because tunefs(8) is completely hosed:
that newfs, while it claims to be creating ffs:
it is actually creating UFS of some sort or other. Which sucks, since Apple's UFS support is so incredibly slow I'd just rather be flayed and fed to hyenas than use it anyways. It does look like, however, that by using newfs to create your filesystem, and mount(8) to actually, you know, mount them, that you can have backup superblocks, and you can tell your filesystem to not reserve X percent for root (do we need this on an iTunes volume?). We can even tell it the expected average file size, number of files in a directory, and all kinds of things. You might even start to think that, under the hood, thar be Unix. However, if it were Unix, it would frickin have an /etc/vfstab where I could actually set up mounts and options and things like that.
As it is, while my original idea of having all my iTunes media on a 400gb single file was, I think, nominally a good thing, the worst case scenario happened: either the disk tanked or the filsystem deposited a fecal patch to the device driver. At any rate, it resulted in taking nineteen hours to copy 400 gig because it had a hard time finding every file. At least it found them.
This time round, I'm going to keep them separate, but have two volumes, and set up an hourly rsync between them. Sure, it means the disk(s) thrash a lot, but I have redundancy, and I don't have to worry, as I did this time, about a single disk losing its mind and having it take 400gb of media with it.
So after all this dicking around with filesystems for two days, we get this:
There's no easy way to tell what sort of filesystems you've got mounted (mount(1) won't tell you, and neither will df(1)). But, df -T fstype will in fact tell you which filesystems of fstype you have mounted. Nevermind that a df -Ta might be useful, because we have the lovely perl construct,
Which only sort of does what I want it to do, and is largely opaque to anyone but me. So, long story short, I've managed to reformat the drive that lost its mind (and redundant superblock), re-fill it with the goodies I want on it (Steve hates DRM, so none of the stuff I have has DRM; nooooo, it's all just, uh, protected for my own good), and I'm now using rsync to make sure that the primary volume – that is the one that the shitfairy blessed recently – has somewhere to leave data, should its coprogenic tendencies emerge again. Only now it's UFS instead of ffs or HFS or HFS+ so it will be slow as hell. Which is what I've come to expect from having a couple hundred gigs of stuff in iTunes anyways. It's just that before, I had iTunes to blame. Now I have to blame their stupid broken Unix. Argh.
And so the score:
Alex: 1
Apple: 1
Shitfairy: 2
Lastly, I could use a tiramisu. Anyone feeling generous, stop on by. All this stress gets my coffee liquor and mascarpone nerves wiggling.
There's no reason the two have to be exclusive. Even the developer tools (and we developers ostensibly are capable of using you know, newfs) don't include a comprehensive manual for the Unixy end of things. Sure, there's a manual included (see man(1)), but it's not only woefully lacking in places, it's wrong – dangerously wrong – in others. I might be willing to chalk this up to there being a large degree of churn in their Unix backend (e.g., the default shell changing, versions of perl, various netinfo tweaks, filesystem changes – hfs to hfs+case – and so on), but it's just amateur. When I write code (and this isn't to say I'm the standard by which Apple should measure their operating system), I write the documentation first (this is a technique I learned from a guy named saucepan on perlmonks) and make sure that the code fits the documentation and not the other way around. Now, I was doing this years and years ago, but I understand it's now a sort of design paradigm, so I'm not so special as I was back then. However, back in 2001, people looked at you like you were some kind of loon if you wrote docs before code because, well, how could you document something that simply didn't exist? Anyways, I digress substantially. The point here is that Apple could be writing the documentation for their systems and binaries as they are developing their systems and binaries, rather than just wholesale importing them from 4.2BSD (as in the case of newfs.)
Documentation is actually pretty cheap to produce, especially when compared to what it saves you down the line. In this case, I'm bitching about a flaw in their product. In other cases, I might decide that I am simply not going to buy an XServe for my next webapp project because their Unix support sucks. All they'd have to do to fix it is have each developer who is responsible for their neck of the binary woods (e.g., I'm the guy responsible for find(1), therefore I need to make sure it behaves the way the manpage says) sign off on the documentation. In the event they find a discrepancy, while this would seem like a pain in the ass to somebody who was naïve, it's actually a blessing. If you find a bug in your documentation, it probably means that your programmers are assuming that their APIs or binaries are going to act one way when they're really acting another. This is how we get the "grey screen of death" on the Mac.
So here's a question that's not addressed in the newfs manpage: does newfs create an ffs filesystem? Or maybe ufs? HFS? HFS+? Maybe HFS+ with case sensitivity? It's entirely unclear. My guess is that because tunefs(8) is completely hosed:
that newfs, while it claims to be creating ffs:
M. McKusick, W. Joy, S. Leffler, and R. Fabry, "A Fast File System for
UNIX,", ACM Transactions on Computer Systems 2, 3, pp 181-197, August
1984, (reprinted in the BSD System Manager's Manual).
it is actually creating UFS of some sort or other. Which sucks, since Apple's UFS support is so incredibly slow I'd just rather be flayed and fed to hyenas than use it anyways. It does look like, however, that by using newfs to create your filesystem, and mount(8) to actually, you know, mount them, that you can have backup superblocks, and you can tell your filesystem to not reserve X percent for root (do we need this on an iTunes volume?). We can even tell it the expected average file size, number of files in a directory, and all kinds of things. You might even start to think that, under the hood, thar be Unix. However, if it were Unix, it would frickin have an /etc/vfstab where I could actually set up mounts and options and things like that.
As it is, while my original idea of having all my iTunes media on a 400gb single file was, I think, nominally a good thing, the worst case scenario happened: either the disk tanked or the filsystem deposited a fecal patch to the device driver. At any rate, it resulted in taking nineteen hours to copy 400 gig because it had a hard time finding every file. At least it found them.
This time round, I'm going to keep them separate, but have two volumes, and set up an hourly rsync between them. Sure, it means the disk(s) thrash a lot, but I have redundancy, and I don't have to worry, as I did this time, about a single disk losing its mind and having it take 400gb of media with it.
So after all this dicking around with filesystems for two days, we get this:
There's no easy way to tell what sort of filesystems you've got mounted (mount(1) won't tell you, and neither will df(1)). But, df -T fstype will in fact tell you which filesystems of fstype you have mounted. Nevermind that a df -Ta might be useful, because we have the lovely perl construct,
perl -le 'print map { qq,FSTYPE: $_ $/,.qx, df -aignT $_, } map { /^([a-z]+)/; chop and $1 } qx{lsvfs}'
Which only sort of does what I want it to do, and is largely opaque to anyone but me. So, long story short, I've managed to reformat the drive that lost its mind (and redundant superblock), re-fill it with the goodies I want on it (Steve hates DRM, so none of the stuff I have has DRM; nooooo, it's all just, uh, protected for my own good), and I'm now using rsync to make sure that the primary volume – that is the one that the shitfairy blessed recently – has somewhere to leave data, should its coprogenic tendencies emerge again. Only now it's UFS instead of ffs or HFS or HFS+ so it will be slow as hell. Which is what I've come to expect from having a couple hundred gigs of stuff in iTunes anyways. It's just that before, I had iTunes to blame. Now I have to blame their stupid broken Unix. Argh.
And so the score:
Alex: 1
Apple: 1
Shitfairy: 2
Lastly, I could use a tiramisu. Anyone feeling generous, stop on by. All this stress gets my coffee liquor and mascarpone nerves wiggling.
12 August, 2007
How to work with IT recruiters
I occasionally spend time looking over the Google Analytics profile of this site. In general, there are three things people are interested in:
Let's start with the basics. I've been working as a consultant, largely through recruiters, for ten or fifteen years (fifteen years ago, recruiters weren't exactly the same sort of people they are today, so there's some ambiguity). I've worked with I think thirteen different "head hunters" (although I am surely forgetting some). More importantly, I have never (with two exceptions) gotten a job that I applied for. The recruiters come to me.
My first position with a recruiter, I drastically underbid myself. Instead of asking for money based upon what I was capable of doing, I asked for money based upon my pedigree. I'm not ashamed to say that I asked for $40,000 a year to hack perl for a defense organization. The hiring manager chuckled and offered me $48,000. I was ecstatic. However, this didn't work out because I was too young and my clearance didn't go through, so I was desperate when the next recruiter came along. They asked me what I wanted, and terrified, I said "35." They didn't even blink, and said okay. So we we went through the rest of the paperwork, W-4, I-9, and so on, and when it got down to how much I was making, they said, "so, we have you down as $35 an hour?"
Now, I choked, deep inside, as I had meant $35,000 a year. The difference between $35/hr and $35k is of corse a factor of 2,000: They had me making $70,000 a year. It took everything I had to not lose my composure, and I simply smiled and said that yes, that was fair.
Here's lesson number one when it comes to recruiters: always ask for more than you think you're worth. Chances are, they're willing to pay it. When I was making $35 an hour, that same headhunting company was charging the principal $60 an hour. Imagine if I'd just asked for $45/hr. I'd have been making $90,000 a year at 22 years old. So, if you have been making $50 an hour, or $75,000 a year, or whichever, take that number, and add a liberal increase to it. Pick a number that sounds just too high to be plausible, and almost without fail they will take it. I won't get into what I currently make, but for most people with solid skills, making $60-70 an hour shouldn't be hard.
The other thing you have to worry about with recruiters is the lying, slimy type of people they tend to have running the joint. If they want you to show up at their office, so they can show you their swanky view of the potomac or whichever, chances are there's not much to the business but lies and a trophy office. They'll promise you the world, tell you that they have five companies that want you, and you'll never hear from them again. So, lesson number two is trust a recruiter who sounds like he knows what he's talking about on the phone. The twenty-something chicks in low-cut halter tops in trophy offices are sure nice to look at, but they're so dense as to pronounce "BAE Systems" as "Bay Systems, what I like to call it." Run away. They are a complete waste of time. A good recruiter will take you out to lunch – of your choice – and ask you not only about your professional background, but also about your personal background, to make sure that you're a good fit for the team they're trying to put you in. If they're really good, they'll even tell you a bit about themselves, so you don't feel like you're being interrogated, and you can get a sense of who they are, and who their company are. These are real important things to know when it gets down to offer time and you're weighing numbers (salary/bene's) against perks (office, environment, challenges, etc). Meeting at their office is usually done, but if they're serious, they'll take you out somewhere informal so that you can interact more naturally.
Chances are if you are dealing with a lot of head hunters in email (because you're on dice/thingamajob/monster/etc), you will run across the email that looks like this:
Please list in number of years your experience with the following products:
Sun Solaris:
User Management:
Network File System version 3:
NIS:
Active Directory:
Secure Shell:
This should set off red flags for a number of reasons. First, the recruiter who is asking these questions has no knowledge whatsoever about what these technologies actually are. What they're doing is taking up all the "scores" they get, ranking them by the sum of the number of years, and then the ones at the top get the first interviews. The problem is, you or I or kermit the frog can lie on any of these and get the interview. In fact, most people can lie their way through "solaris experience" or any of the above. This makes lesson number three of recruiters if they can't actually engage you in conversation about technology and require number lists like this, they won't get you a job (or if they do, you won't want it), they're going to be a pain in the ass to work with because they're retarded, and they're wasting your time by having you quantify the number of years you've worked with something rather than qualify the actual level of skill you have in a given discipline.
This next one bothers me because it feels racist. However, the experience is true enough. I get a lot of recruiters from India. They get VOIP lines in places like Boston and New York, so that while you're actually talking to Ranesh in Hyderabad, it looks like you're talking to RTH Consulting in New York. These guys generally have their hearts in the right place, and I think the generally want to connect people who are looking for jobs with people who are looking for consultants. The problem is, they don't know anything about the technology industry here in the states. You'll get people who will ask you if you have worked with LAMP, and then subsequently ask you if you've worked with Linux or Apache. I can see how there might be some subtlety there, but it's not the only time they'll do that. So unfortunately, lesson four of working with recruiters is if the guy's name is Ranjesh, or his accent is so thick you can't distinguish SQL from "perl," you need to just tell him that it's not going to work out and move on. I wish there were a better way for those guys to get paid, but I think the industry is screwing them, and our playing along with them is wasting their time and screwing them even harder.
Lesson five of working with recruiters is that they will almost always want you to have a clearance of some sort. Frequently, having had a clearance, and recently, is good enough. Don't just assume that because they want TS/SCI with a Lifestyle Poly and Umbra that they won't hire you. It never hurts to ask.
And lastly, the last rule of working with recruiters is they will always try to screw you. They're going to skim anywhere from 20% to 65% on top of what you take home, and they work on commission.
I have worked with recruiters I like, and I'll list them here, as a) they'll like a reference from me (no I don't get paid) and b) they're always looking for good people.
- Futanari
- Broken ribs
- Recruiters ("rate my recruiter")
Let's start with the basics. I've been working as a consultant, largely through recruiters, for ten or fifteen years (fifteen years ago, recruiters weren't exactly the same sort of people they are today, so there's some ambiguity). I've worked with I think thirteen different "head hunters" (although I am surely forgetting some). More importantly, I have never (with two exceptions) gotten a job that I applied for. The recruiters come to me.
My first position with a recruiter, I drastically underbid myself. Instead of asking for money based upon what I was capable of doing, I asked for money based upon my pedigree. I'm not ashamed to say that I asked for $40,000 a year to hack perl for a defense organization. The hiring manager chuckled and offered me $48,000. I was ecstatic. However, this didn't work out because I was too young and my clearance didn't go through, so I was desperate when the next recruiter came along. They asked me what I wanted, and terrified, I said "35." They didn't even blink, and said okay. So we we went through the rest of the paperwork, W-4, I-9, and so on, and when it got down to how much I was making, they said, "so, we have you down as $35 an hour?"
Now, I choked, deep inside, as I had meant $35,000 a year. The difference between $35/hr and $35k is of corse a factor of 2,000: They had me making $70,000 a year. It took everything I had to not lose my composure, and I simply smiled and said that yes, that was fair.
Here's lesson number one when it comes to recruiters: always ask for more than you think you're worth. Chances are, they're willing to pay it. When I was making $35 an hour, that same headhunting company was charging the principal $60 an hour. Imagine if I'd just asked for $45/hr. I'd have been making $90,000 a year at 22 years old. So, if you have been making $50 an hour, or $75,000 a year, or whichever, take that number, and add a liberal increase to it. Pick a number that sounds just too high to be plausible, and almost without fail they will take it. I won't get into what I currently make, but for most people with solid skills, making $60-70 an hour shouldn't be hard.
The other thing you have to worry about with recruiters is the lying, slimy type of people they tend to have running the joint. If they want you to show up at their office, so they can show you their swanky view of the potomac or whichever, chances are there's not much to the business but lies and a trophy office. They'll promise you the world, tell you that they have five companies that want you, and you'll never hear from them again. So, lesson number two is trust a recruiter who sounds like he knows what he's talking about on the phone. The twenty-something chicks in low-cut halter tops in trophy offices are sure nice to look at, but they're so dense as to pronounce "BAE Systems" as "Bay Systems, what I like to call it." Run away. They are a complete waste of time. A good recruiter will take you out to lunch – of your choice – and ask you not only about your professional background, but also about your personal background, to make sure that you're a good fit for the team they're trying to put you in. If they're really good, they'll even tell you a bit about themselves, so you don't feel like you're being interrogated, and you can get a sense of who they are, and who their company are. These are real important things to know when it gets down to offer time and you're weighing numbers (salary/bene's) against perks (office, environment, challenges, etc). Meeting at their office is usually done, but if they're serious, they'll take you out somewhere informal so that you can interact more naturally.
Chances are if you are dealing with a lot of head hunters in email (because you're on dice/thingamajob/monster/etc), you will run across the email that looks like this:
Please list in number of years your experience with the following products:
Sun Solaris:
User Management:
Network File System version 3:
NIS:
Active Directory:
Secure Shell:
This should set off red flags for a number of reasons. First, the recruiter who is asking these questions has no knowledge whatsoever about what these technologies actually are. What they're doing is taking up all the "scores" they get, ranking them by the sum of the number of years, and then the ones at the top get the first interviews. The problem is, you or I or kermit the frog can lie on any of these and get the interview. In fact, most people can lie their way through "solaris experience" or any of the above. This makes lesson number three of recruiters if they can't actually engage you in conversation about technology and require number lists like this, they won't get you a job (or if they do, you won't want it), they're going to be a pain in the ass to work with because they're retarded, and they're wasting your time by having you quantify the number of years you've worked with something rather than qualify the actual level of skill you have in a given discipline.
This next one bothers me because it feels racist. However, the experience is true enough. I get a lot of recruiters from India. They get VOIP lines in places like Boston and New York, so that while you're actually talking to Ranesh in Hyderabad, it looks like you're talking to RTH Consulting in New York. These guys generally have their hearts in the right place, and I think the generally want to connect people who are looking for jobs with people who are looking for consultants. The problem is, they don't know anything about the technology industry here in the states. You'll get people who will ask you if you have worked with LAMP, and then subsequently ask you if you've worked with Linux or Apache. I can see how there might be some subtlety there, but it's not the only time they'll do that. So unfortunately, lesson four of working with recruiters is if the guy's name is Ranjesh, or his accent is so thick you can't distinguish SQL from "perl," you need to just tell him that it's not going to work out and move on. I wish there were a better way for those guys to get paid, but I think the industry is screwing them, and our playing along with them is wasting their time and screwing them even harder.
Lesson five of working with recruiters is that they will almost always want you to have a clearance of some sort. Frequently, having had a clearance, and recently, is good enough. Don't just assume that because they want TS/SCI with a Lifestyle Poly and Umbra that they won't hire you. It never hurts to ask.
And lastly, the last rule of working with recruiters is they will always try to screw you. They're going to skim anywhere from 20% to 65% on top of what you take home, and they work on commission.
I have worked with recruiters I like, and I'll list them here, as a) they'll like a reference from me (no I don't get paid) and b) they're always looking for good people.
- TekSystems in Virginia – Debbie Fuller
- RCMT in Virginia – Jared Hayes
- The JUDGE Group – http://www.judge.com/ dcmetro@judge.com
The fscking problem with pretending Darwin is FreeBSD
from fsck(8) (note: No entry for fsck in section 1 of the manual)
-b Use the block specified immediately after the flag as the
super block for the filesystem. Block 32 is usually an
alternate super block.
The problem is that, of course, block 32 is no such thing. Furthermore, on some other filesystems, when you initialize them you essentially are able to tell it you wanted lots, or not a lot of superblocks. I don't have a running Linux machine here, or I'd show you. The point is, the next thing in the Darwin fsck manpage is thus:
-c Convert the filesystem to the specified level. Note that the
level of a filesystem can only be raised. There are cur-
rently four levels defined:
0 The filesystem is in the old (static table)
format.
1 The filesystem is in the new (dynamic table)
format.
2 The filesystem supports 32-bit uid's and gid's,
short symbolic links are stored in the inode,
and directories have an added field showing the
file type.
3 If maxcontig is greater than one, build the
free segment maps to aid in finding contiguous
sets of blocks. If maxcontig is equal to one,
delete any existing segment maps.
The problem herein is of course:
bling% sudo fsck -c 3 /dev/disk3s3
fsck: illegal option -- c
fsck: ? option?
And then there's the good old "block 32" fix:
bling% sudo fsck -b 32 /dev/disk3s3
Alternate super block location: 32
** /dev/rdisk3s3
BAD SUPER BLOCK: MAGIC NUMBER WRONG
LOOK FOR ALTERNATE SUPERBLOCKS? [yn] y
SEARCH FOR ALTERNATE SUPER-BLOCK FAILED. YOU MUST USE THE
-b OPTION TO FSCK TO SPECIFY THE LOCATION OF AN ALTERNATE
SUPER-BLOCK TO SUPPLY NEEDD INFORMATION; SEE fsck(8).
And of course, it tells me to check out fs(5) which is cool, except that we know that 5 is the programmer's section of the manual, and not the binaries section (or even the miscy or errata section). So while
#include <sys/types.h>
#include <ufs/fs.h>
#include <ufs/inode.h>
(yes, it says ufs because, uh, everyone on the mac uses ufs, right?) is useful to somebody, it's absolutely useless to somebody trying to figure out why the fuck their volume is toast. So I have now this silly mac Mini with four 250gb drives in a raid 0, backing up a single 640gb drive that contains all my music and other media so that I can then blow away the 640 drive and hopefully give it some better options from newfs. I don't think I can trust Disk Utility anymore.
Who QA's this shit, coming out of Apple? I mean, if people are building clusters on XServes and they're doing evil things with eight-core xeon towers, why is it we can't have a reasonable, robust filesystem with redundancy, journaling, and oh yeah, performance?
Even on OpenBSD when you had ffs and we liked it, or when we had to choose between jfs, ext2, ext2, or even XFS on Linux, we had reasonable assurances that our manual pages were correct, that our filesystems, while they may crap out, would crap out in ways that weren't "the crap fairy visited, she was pissed, and she didn't leave a note."
It's almost enough to make me think I oughtta get rid of the mini, build a shuttle pc with about a bazillion 1394 and usb2 ports, as well as an 802.11N card, and have it essentially be NAS for the media. Even run leenucks on it. At least then, when shit went splode, I'd know where to go looking. Not any of this "totally fucking wrong manpage" garbage.