My Delusional Dream

Virtualization of desktop operating systems is pretty commonplace for users of Linux and Mac OS. Initial implementations of desktop virtualization, such as VMWare 1.0, had the guest operating system running in complete isolation. Interaction was done through a custom application or network applications. There was no support for sharing files, sharing a clipboard, or merging the windowing environments.

Since then, virtualization has come a very long way. With VMWare and a supported guest operating system, the clipboards are the same, the mouse isn't locked to a window, and files are easily shared between operating system. Sadly, merging of windowing environments still isn't quite there. Your guest desktop still runs completely in a window on the host. VMWare has a new technique available in Fusion, their Mac product, called Unity that allows this. Parallels supports a similar feature called Cohesion, and I've been told that VirtualBox supports this feature too. This is a fine feature, if you have one of the newer products that supports this. If you're like me and still using VMWare Player, an older version of VMWare workstation, or connecting to remote windows systems with remote desktop, this isn't a native feature. Luckily, it's a pretty easy hack to get seamless windows.

Enter SeamlessRDP from Cendio. This little program extends the standard RDP system a little bit to provide for complete desktop integration when using rdesktop. It works in conjunction with rdesktop, so other tools such as tsclient won't work. Unfortunately, the directions for this aren't always the most clear, and they didn't work with my instance of VMWare, so here's how I managed to do it. These instructions are specific to Windows XP Pro.

1. First, go and download seamlessrdp.zip and extract it to something like c:\windows. There should be three files in there, the one that we really care about is seamlessrdpshell.exe.
2. Make sure that that you allow remote connections, go to control panel->system->remote and check "Allow users to remotely connect to this computer". At this point, you'll be able to test a remote desktop connection to your virtual machine through the command rdesktop REMOTESERVERIP. You'll notice that you're still running everything in still running a single window because we haven't invoked seamlessrdpshell yet.
   

   Enable "Allow users to remotely connect to this computer"
3. Enable welcome screen and fast user switching -- this is something that you normally don't see in enterprise deployments, but apparently it is necessary for this. I can't figure out how to make it work without this. Go to control panel->user accounts and check both of the options.
   

   Make sure both options are checked
4. Tell Explorer to not draw the desktop -- the reason is pretty simple, if explorer drew the desktop the window would still be full screen. We can change this by creating a new registry in My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Call it NoDesktop, and make it a DWORD with a value of 1. This will keep explorer from drawing the desktop.
   

   Create a new DWORD registry entry called NoDesktop with a value of 1
5. Here comes some of the stranger stuff, that you may not need to do, but I found necessary for my system and it wasn't properly documented anywhere. In most cases, you can specify an application to run with the -s option to rdesktop, unfortunately, this doesn't work on my system. Instead, we'll need to use a rarely used program that allows you to set system level policies. Go to start->run and enter gpedit.msc. Select User Configuration->Administrative Templates->Windows Components->Terminal Services.
   

   Run gpedit.msc and navigate down to User Configuration->Administrative Templates->Windows Components->Terminal Services.
   Now, the crutch that we'll use to select "Start a program on connection". Double click and check the Enabled box and enter in c:\windows\seamlessrdpshell.exe c:\windows\explorer.exe. Click apply and then exit.
   

   Enter c:\windows\seamlessrdpshell.exe c:\windows\explorer.exe for the command to run on connection.
6. At this point, if you log out, everything should work, but the graphics may be a bit funny. In my experience I've found that there are two more small changes necessary before everything works nicely. First, make sure you're using the Windows XP appearance and not the classic appearance. Second, uncheck the option to keep the task bar on top, as this will cause issues when maximizing windows applications. And finally, you can't have another panel on the bottom or the start bar will try to redraw itself poorly, over and over.
   

   Uncheck the option to keep the taskbar on top
7. Now, all you need to do is make sure you're logged out of the virtual machine, and execute the following command: rdesktop -r sound:local -A REMOTESERVERIP:3389 -u "WINDOWSUSER" -p "WINDOWSPASSWORD". If everything goes well you should get a nice little windows start menu at the bottom of the screen and your windows apps will run seamlessly. It's not 100% perfect, but any sort of virtualization, especially a hack like this, never is. In particular, sloppy focus causes windows programs to jump to the front. But other things work great, like a shared clipboard and sound. It makes working in both worlds lots easier.

The final product

Dear Liferea,

I wish I could break this to you easier. I wish I could say, "It's not you, it's me." I wish I could just do the college freshman breakup and say, "Hey, you're a great feed reader, you do a good job. You're probably the best on Linux, but I'm leaving Linux, so I can't take you with me." I wish I could make this easier, but I can't. So, I'll be blunt, you're just not up to snuff anymore. Ubuntu has made me want more out of my laptop. I can't settle for good enough, it needs to rock my world, and to be honest, Liferea, you've stopped doing that form.

At first I could handle your little strangesses. The fact that I seem to get an inordinate number of Yellow screens of death from even slightly misformatted feeds should have been a warning. It's the web, you're supposed to be open to different translations, people messing things up. You're supposed to be flexible, but you're not. You're stale. You remind me of 2001.

As time went on, you became more picky. Startups began to drag on. Waking you from your slumber would sometimes take a couple of minutes before your window would even appear and let me know that you're alive. Even after letting me know you're alive, you frequently went non-responsive and shunned me. Leaving me solid colored boxes on my desktop and a warning that even though you're ignoring me, if I try to make you go away, it could have dire consequences. Yes, it's turned into a bad relationship. I'm sorry, but I can't live with this cycle of dependency and rejection. You're getting the boot.

And, no, before you ask, I wasn't seeing other feed readers before coming to this decision. But I've taken some looks since then, and found that you still are probably the best around, but you're just not right for me. Thunderbird is a great standby and mail reader that has some support for feed reading, but it's a cruddy hack, forcing me to view the entire web page. It completely ignoring most of the stuff in the feed, such as embedded media and tags. It feels like I'm reading RSS feeds in some sort of bizaare love child between an email client, a web browser, and a feed reader that was genetically engineered by a committee. It's painful and slow. It reminds me of being back in the days when I needed to visit each web site by hand. Sure, it probably meets some enterprise specification, and would be a great friend if I were in a locked down corporation, but I'm more open minded and free willed than that. I can't handle how Thunderbird wants to confine me.

I also looked at some old friends from before I met you. Straw was my first and I considered hooking up again. Sadly, it lookes like very little has changed since I decided that that was a match that could never work. It still is kidna slow, chunky, and sometimes likes to ignore me just like you do. Straw feels familiar, it's in Python so I can hack it, but I shouldn't have to. It should just work. I'm not looking for high maintenance right now.

After I broke up with straw, I was with Blam!. It was sexy, it was fast, it was C#. Hey, I thought that experimenting with C# was a good idea at the time, turned out it was just bad advice from a friend. Blam! still refuses to play well with others, crashing completely on numerous feeds. Blam! also found a way to take up more of my time and resources that you ever did. Clearly Blam! would make a poor replacement for you, Liferea.

Some of my friends have been telling me to try out the new bicycle in town, Google Reader. Everyone is doing it, it's fast, it's slick, and it means that I don't need to worry about what's on my system or do any maintenance. Plus, it's available everywhere and I can take it with me on a plane. I've thought about, and may still visit it, but I'm worried information it keeps about me and what it will with that information. Will she go out and let the man know that I read Al Jazeera if they ask? She also has a nasty tendency to want complete control over all of my information. I'm not sure I'm willing to become that dependent.

You see, Liferea, it's not that I have something else right now. It's just that I can't be with you anymore. I hope you can understand. One day, we may look back on this day with fondness and conclude that it was a great relationship. That you let me experience feeds like never before. In the mean time, I'm just going to take my OPML file and go looking for someone else.

Sincerely,

Patrick

This week was what is becoming my annual pilgrimage to Santa Clara, California for EclipseCon. Last year during the conference I took CalTrain from Mountain View to San Francisco to have dinner with Kenneth. It was there that I noted that NetworkManager unceremoniously crashed my laptop when it was exposed to the hundreds of networks visible on a high speed train barreling through Valley.

This year I repeated the experiment and found that NetworkManager never crashed. Here's a little bit of proof in the form of a screenshot that shows just a small fraction of the number of available networks. This was taken sometime earlier in the trip -- there were only about 75 networks in the scroll view at this point. At some points there were well over 300 networks in the scroll view.

It wasn't completely 100% yet. There still was the tiny little issue of a very slow and non-responsive user interface when activating NetworkManager, but it's certainly a good start to see it can handle so many networks. Perhaps next year I'll try and see how it handles multiple network cards during the trip.

About a week ago I picked an M3 DS Real card for my Nintendo DS for playing homebrew, and more importantly, watching movies on a series of annoyingly long flights in the coming months. After a moderate amount of fighting, including finding out that the SD card I bought for the device wasn't compatable with it and having to pick a new card up, I've been pretty pleased. It works great as a music player, plays back movies from MythTV nicely, and I've hooked up some scripts to transcode recorded programs from Miro, so I can load up on content and then watch it as I sit at the gate waiting for my plane to be delayed again.

A very nice added bonus of the card in addition to the multimedia capabilities is the ability to load Nintendo DS hombrew, including some great games such as Warcraft Tower Defense and Lemmings DS. But the big one came after I already had the card -- Quake 2 for the Nintendo DS. Like Simon Hall's original Quake for the Nintendo DS, this version requires the original data if you want to play the full game. Luckily, I have a Quake 2 CD from way back in the day. Unlike the original Quake for the DS, this version requires a RAM expansion, the 4MB on the DS just can't handle the game otherwise. Luckily, the M3 DS Real can be purchased with a rumble ram pack, which supposedly provides 32MiB of RAM and a rumbler for the device. Sadly, it appears that there is no documentation for how to get the ram to work with homebrew. Numerous folks with the card are having similar issues with the RAM not being accessible and Quake 2 DS crashing. I decided to do some investigation of this issue and discovered that most programs detect the ram as a G6 Flash device, which is from the same company. However, apparently they don't work the same, as MemtestARM reports errors on the inversion test at address 0x8400000. Want more evidence, check out the video below:

I've done some searching and there doesn't appear to be an API out there for accessing the memory on the M3 Rumble RAM, and with everything mis-detecting it as G6 Flash it means that most programs that use extra ram will crash -- such as DS Linux. Looking around, it appears that even the folks behind the card treat it very similar to a G6 flash as the patch for the Opera Browser is called G6_OPERA.ips. However, I don't own the browser, so I can't even confirm if the patch works properly.

So, does anyone have any idea about how I would access the RAM on this card? Or should I just spend $20 to get the EZ Flash 3-in-1 card that most folks have and is well supported for Homebrew?

One of the major issues with utilizing a virtual machine for a server is that of time synchronization. VMWare normally has access to a real time clock handler that helps to synchronize time, but even that causes time to skew. This issue becomes more prominent with modern processors that support CPU frequency scaling. However, there are many cases where even the VMWare custom kernel module can't manage the time skew properly. Such was the case with my updated VMWare virtual machine -- to put it simply, time had stopped.

Looking around, it appears that some of the problem may be to the new tickless features in the linux kernel. Basically, this feature allows the system to stop waking up periodically if there is nothing to do. On desktop and laptop machines this saves a lot of power and is a key feature that has helped the OLPC be such a power miser. However, it also really screws with the clocks in virtual machines, and may be cause of other issues. I've also read that there are issues with heavy disk I/O and Gutsy in VMWare Server -- which is my virtualization platform of choice.

Previously, with the time issue, I would fix problems by adding in a cron job to periodically synchronize the date with a remote system. It's important to note, that ntp won't work because it tries to gradually synchronize the time -- so it will never catch up. However, using a cron job on the virtualized system relies on the virtualized system eventually hitting even minute marks. Last night in the course of 12 hours, my time advanced 32 seconds; cron is not an option. The solution is to have the host operating system, which can keep time, periodically SSH into the virtualized machine and synchronize the time. Getting started, you'll need to activate the time service in xinetd on the host operating system. Open up /etc/xinetd.d/time and change the lines that say

disable = yes

to say "no". Restart xinetd by running /etc/init.d/xinetd restart and you'll now be able to rdate to your host machine.

The next step is to create the ssh key and setup the cron job to connect to guest operating system. These commands should do it for you. Hit enter to leave it without a passphrase. Then, copy the key to the guest operating system.

root@host:~# ssh-keygen -t dsa -C "automated RDATE ssh key" -f id_dsa.rdate
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in id_dsa.rdate.
Your public key has been saved in id_dsa.rdate.pub.
The key fingerprint is:
d4:5f:01:83:ee:df:e0:e4:ea:ff:0a:6e:50:d1:e2:d3 automated RDATE ssh key
root@host:~# scp id_dsa.rdate.pub USERACCOUNT@GUEST:

Now that the key is on the guest, it's time to enable a passwordless login. First, login to the guest machine, and open up a root shell using sudo -s. Then run the following command to add the new key to your ~/root/.ssh/authorized_keys.

echo 'command="rdate -s HOST"' $(cat id_dsa.rdate.pub) >> ~root/.ssh/authorized_keys

The final step is to edit your /etc/crontab on your host system, and make the time synchronization happen every five minutes or so.

*/5 * * * * root ssh -i ~root/.ssh/id_dsa.rdate root@GUEST "rdate -s HOST"

Now, you should have a nice infrastructure set up where your VMWare virtual machine will never be more than five minutes away from the actual time. It's important to note that there are a few alternative ways of doing this. For example, one could bypass the usage of rdate entirely through some clever shell scripting that passes the time on the host system to the time command on the remote system. In my experience, this works in a homogeneous environment, but not every system can interpret times in the same way, so sticking with rdate seems like a good compromise.

This morning while sitting in my office, I received a telephone call from a presidential campaign seeking a donation. I found this interesting because I have yet to donate to any presidential candidate this year. While I was more than happy to donate some money to the campaign, a thought came into my head while dealing with the guy on the phone -- how do I know you're really working for campaign X? It would be trivial for someone to say they were with a campaign, start calling people, and get a few credit cards here and there.

My first inclination was to check the caller ID on the call, then enter the number into Google and see if it came back with anything. Unfortunately, the caller ID was blocked. I thought about it and realized that someone with a moderate amount of skill and planning, of which it seems most scammers have neither, could get an account at SpoofCard and make their call seem as though it was indeed coming from the campaign. Thus, I could not use this obvious piece of information as verification of the mans identity.

I realized that if they had my name and phone number they must have had other information on me too. I asked the gentleman on the phone where my information was obtained from, and he informed me that it was from a list of donors to a previous round of presidential campaigns. If that was the case, then they should have information such as my address on file also. Sure enough, they had my old address from 2004 on file. While this was enough to convince me that the man was most likely affiliated with a real political campaign it wasn't enough to convince me to donate money over the phone. A nefarious individual could still look up information about past addresses and then figure out which one would have been valid at the time. However, this is a lot of work for a relatively small probability of payoff.

I volunteered to donate money over the internet, and the man was very against the option, replying that is possible to process the transaction over the phone in under a minute -- that's funny, on a high speed connection I can find a candidate's web page and donate money in under a minute. Anyway, after some going back and forth I informed the marketer that he had succeeded in reminding me that I had been planning to donate money (it was even in my copy of thinking rock), but I couldn't do it online because it didn't feel secure.

So, for anyone who reads this, what actions can a campaign take to make sure that a recipients of marketing calls know they're legitimately calling from the campaign? Absent of political beliefs, what credentials would a person over the phone have to communicate to you to get you to donate?

Recently, there were two enormous acquisitions in the world of Open Source Software. Back in January, Sun Microsystems announced it was purchasing MySQL for $1 billion. About two weeks later, Nokia announced it was acquiring Trolltech for $153 million, about a seventh of what was paid for MySQL. Both purchases have huge implications for Open Source -- MySQL, despite its shortcomings, is the most popular database for web application stacks, and QT, the major product from Trolltech is the foundation for KDE and a variety of other cross platform graphical programs. In both cases, the new parent companies have pledged that little will change with regards to the Open Source offerings. Nokia has made it clear that they will continue to support Maemo, which is based off GTK+ and GNOME on their "n-series" of internet tablets, while moving to a QT based user interface for their mobile phones.

Whenever acquisitions like this happen in the Open Source world, it naturally raises some concerns, despite pledges from the companies. It wasn't long after Novell purchased SuSE that people realized that something was at odds with their prior purchase of Ximian -- the two desktop environments were diametrically opposed to each other, having standardized on different widget toolkits and development toolsets. Eventually, the influence of the Ximian people won out, and SuSE changed to have more of a GNOME focus, although KDE still seems to be the dominant environment on the platform. Community members also start to fear a loss of voice within the community and may start to feel alienated from the new corporate project overlords. But is this really a concern?

For more insight, lets look at the seven largest Open Source acquisitions (original source):

• MySQL bought by Sun for $1 billion
• Cygnus bought by Red Hat for $675 million
• XenSource bought by Citrix for $500 million
• Zimbra bought by Yahoo for $350 million
• JBoss bought by Red Hat for $350 million
• SuSE bought by Novell for $210 million
• Trolltech bought by Nokia for $153 million

What is the common thread between all of these topics? They're all predominantly commercial type projects to begin with. Sure, there were always hobbyists who used MySQL, Cygwin, Xen, SuSE and QT, but the majority of development was still done in the cathedral. Zimbra and JBoss are almost exclusively designed for enterprise class deployments, with miniscule community outside of the main development. The fact, is that despite their appearances and the availability of source source code, most of these projects never were the type of Open Source that most people participate in for fun or skills.

Rather, these projects are a different class, business open source. They're fundamentally different from projects such as GNOME, KDE, or even Mozilla. In most cases, these projects are backed by outside investors who seek to build a business around the project, the community is just a side effect of the process. While they have community forums, mailing lists, publicly accessible source code repositories, and bug trackers, who really calls the shots when it comes to development? In most cases, while the decisions are influenced by the community, the primary sponsor of the project makes all the critical decisions. Leaving little ability for the community to experiment with new implementations or ideas -- for fear their work will be rendered obsolete in the next release.

This has an even more insidious effect -- it robs the community of a skilled development pool. Rather than providing volunteers the ability to experiment on these ideas, by managing the project in a hierarchical environment, these individuals are given little chance to learn on the code base, possibly stripping the sponsor of a valuable talent pool. It also reduces the affective attachment to the project of the community, reducing most of the participants to a utilitarian perspective, willing to leave if another project provides enough benefit to overcome the switching costs.

The traditional view of open source has been that the community owns the software, and they make the decisions around it. However, this clearly is not always the case. When considering participation beyond the utilitarian level, be sure to ask yourself if your voice will be heard and your contributions will be valued. Otherwise, you may just be contributing to someone else's bottom line.

Last Friday, I had the chance to hear CMU SCS Ph.D. alum, and president of Google China, Kai-Fu Lee speak on the building Google China and what it means to do business in China versus the United States. It reminded me of the fact that what we accept for "The Internet" -- Amazon, eBay, Google, Yahoo, Wikipedia, Flickr, etc -- isn't universal. In fact, what we refer to as the "The Internet" barely exists in other markets. Most American web companies that have invested in China have failed spectacularly -- never gaining market share, or buying the dominant Chinese firm and running them into the ground. Dr. Lee made it clear that Google was planning for the long run and had no intention of being driven into the ground -- largely because they have the resources and are willing to burn lots of cash in the process of understand the market and developing tools to serve the market.

Throughout his presentation, he briefly mentioned a few of the political challenges around building companies in China. For example, when he was listing how Chinese view western web products, for Wikipedia he listed "no access to wikipedia" and for MySpace he listed "periodic access to MySpace". These garnered a chuckle out of the people in the audience, but they highlight very real issues with the Chinese governments attempts at censoring the net. Google, for their part, has acquiesced to the Chinese government demands, and censored their search results.

An easy, and obvious example of this is doing a Google search for Tiananmen Square. On the English language web, the top hits on this topic are related to the 1989 massacre there. On the Chinese web it's all the articles you'd see about a square area in any large city. Of course, most Chinese aren't going to be searching in English, rather they'd search for 天安门广场. Comparing the images on the US Google images search and the Chinese Google images search shows quite the difference. For the US the first four images are typical info images, but then the subject quickly changes to the protest with the photo of the tank man who defiantly stood in front of a column of Chinese tanks only to later be whisked away to who knows where.

According to Dr. Lee, the real reason for this is that Google tries to provide culturally relevant searches. This makes some sense -- in the UK someone searching for Biscuits is looking for what we call Cookies here in the US. They should not be subject to dozens of recipes for biscuits and gravy. At the same time, most people above the age of 25 know the power of the protests in Tiananmen Square -- I was nine at the time and vividly remember the news and pictures out of China. It's an aspect of Chinese history that has been washed away by the Chinese government -- only they can't erase the memory from the rest of the world. It also sets a very dangerous precedent for companies operating in repressive regimes. What if the protests from Burma, which were captured on Flickr and numerous other sites, happened in China? Would Google be obligated to censor such information at government decree? The answer is probably yes, and I'm sure they would.

When pressured about the issue through a question which was much more weakly worded than what I would have used (I tried to get called on, but was in a bad position), Dr. Lee stated that Google's position was that they believed the Chinese people were better with their products than without. Translation: "We'd really like to make money there, even if it does help out a repressive regime". Will all this make me stop using Google products? No. Does it change my views on Google? Yes. I'm very disappointed that a company that is so loved in the US has taken such a weak stance abroad. They claim they have patience, if that's true, they should have the patience to not contribute to a corrupt totalitarian regimes effort to censor information for the purpose of maintaining a political elite with complete control.

I was looking for a store in the South Hills of Pittsburgh a few weeks ago and wanted to make sure that I found the store okay, enter Google Street View. I popped up the location into Google Maps and started looking around. Yech, it was pretty far off. However, I did discover that even the googlers need to eat. Apparently they favor Wendy's.

View Larger Map

In August of 2007, Jeff Atwood wrote an article about Thirteen Blog Clichés. While there is some irony in the sense that one thing that he said he hated was blogging a blogging, and that's what that article is, it generally contains some pretty useful information. I've tried to follow some of those pieces of advice in the design of my new weblog software. Thus, you won't find the calendar widget anywhere -- no one used it and I didn't blog enough to have it up there. You'll also find that I don't blog about my daily life anymore. Number 3 on the list, however, struck a chord with me. So here's a bit of info about me and contact information for folks looking to find me.

My name is Patrick Wagstrom and I'm a graduate student in Engineering and Public Policy and Computation, Organizations, and Society at Carnegie Mellon University in Pittsburgh, PA. I should be finishing my Ph.D. real soon now. You may be able to find some more information about what I do on my academic page -- but I'd guess that's out of date right now.. The best way to get ahold of me, is, and most likely always be email -- patrick@wagstrom.net. Look, I'm even brave enough to put my email address in plain text. You can also reach me on Google Talk at patrick@wagstrom.net.

I don't use and have no intentions of using services like Jaiku, Twitter, Facebook, Orkut, or whatever the fancy thing of the week is. I've got some actual work to do, and in my view most of those are just substitutes to make people think that they're doing real work. Also, the privacy implications of those services are astounding. Seriously, watch out for your privacy when using those services -- or rather your complete loss of privacy.

I'm passionate about open source and developing technology that connects multiple disparite pieces of technology and communities. In particular, I'm really interested in social software and online communities, which is rather ironic given how I shy away from many communities. I'm an active supporter of the Electronic Frontier Foundation, periodically contribute to the GNOME Project, and frequently give talks about digital rights management, online communities, and the future of technology.

This weblog runs a piece of software called PostStreet. It's a fairly simple python based blogging system that I wrote during a self-imposed 24 Hour Weblog Challenge. Most of the logic and design was done over the course of a 24 hour period, or which only about 12 were actually working on the system.