Wordpress Email Notifications Fixed

Some registered users may have received email notifications with a new temporary password. This is because until just a few minutes ago, many emails from this site were being blocked by our upstream ISP (Rogers) due to some issues with the headers in those emails. Likely this has prevented many users from registering and submitting comments, but it is all working great now.

If you are running WordPress on a Debian-based system, and your ISP does implement good controls around outbound email (like ours), feel free to reach out to me here on ways in which you can work to get your specific configuration working the way you want it to. In particular, among the big residential ISPs (Bell, Rogers, Cogeco) there are differences in their outbound email policies, and I support blogs running on each of these. Rogers provides a more technically sound solution in the residential arena, however it requires stricter local configuration to work properly and their customer service does not have the technical knowledge to easily support what their engineers have in place. For us, there are a number of configuration factors in play, namely:

  1. Correct configuration of our MX records in DNS
  2. Alignment of MTA daemon configured hostname to those MX records
  3. SPF records that contain all our sending hosts, including ISP SMTP servers
  4. Registration of valid senders on mail servers, including upstream ISP SMTP servers
  5. Proper configuration to allow authentication with upstream ISP SMTP servers
  6. Proper re-writing on the local webserver for all outbound email (corrected today)

Notably outbound mail on Bell generally works even if you mess up or do not complete #2, #4 and #5. I had been testing using my local email domain, bypassing some ISP checks related to #6, until today. Just a few years ago email worked fine ignoring all these steps and I expect that some day soon all ISPs will require all steps, as it no doubt enables more spam senders.

For Debian-based hosting setup as a satellite with an ISP smarthost, I have found exim4-daemon-light the easiest to configure to manage everything outside the DNS configuration for successful Wordpress email integration with any of these ISPs. I may post a more comprehensive HOWTO based on our setup. Until I do that, feel free to register here, and peek at the headers of our emails. Nothing was done to any Wordpress configuration; it all happens in the backend MTA, noting that we also run Wordpress in a multi-site configuration.

The Real Superbowl Heroes

In anticipation of the big Superbowl XLIV game this Sunday, there is a lot of banter in the social channels. It might not be an original idea, but I found this DC vs Marvel mock match-up hilarious. Although I seem to be familiar with more of the DC team players thanks to childhood cartoons, the Marvel line-up is easily associated with recent motion pictures. Personally, I can think of a number of entertaining on-field match-ups that would certainly include The Blob being handled by Supergirl at the line of scrimmage. If Vince McMahon had these teams, he probably would have succeeded with the XFL. The real question is how the DC team would stand up to this other Heroes team that has been called creepy by some.
Offensive Line for DC Comics

Touching base with a face of Social Media

At the January Toronto Product Manager Association meeting I had an opportunity to listen to Alfred Tan, a Senior Director in Sales at Facebook, lead a discussion on Marketing in Social Media. It was a great presentation; delivered on a Mac using a Rogers Rocket Stick, it had lots of really interesting slides and a wealth of stimulating media and data supporting successful product marketing initiatives within Facebook.

Personally, there were two thoughts that rang bells in my mind listening to Alfred’s presentation; The potency and viral nature that opinion brings to a brand exposed in social media and the potential for new product-related business intelligence and personalization of the product message based on data relationships originating in social networks.

I found strong validation for the idea that there can be risk to any large active brand that is trying to ignore engaging resources in social media. If you choose to ignore Facebook as a CPG marketing manager or retail marketing manager, and then discover that a social community is impacting your brand message (due to opinion or legit product/customer issues), it may be too late to do anything but try to hire some of the trusted messengers right out of the influencing community. At this stage of the economic cycle I would expect this is something that more and more skilled and unemployed marketers may be beginning to realise in order to leverage themselves back into the industry with their new ideas. Put another way, there appears to be incentive to create impact to a corporate brand in order to bring awareness to the personal brand. I expect (and know) most CPG brand managers have Twintern(s) keeping an eye on things in this domain.

The other thought, most strongly stimulated by this presentation, was validation that the federation of identities between established Identity stores like Facebook, Google, etc. provides a powerful mechanism through which businesses can flush out new successful products and guide potential new customers, among other things. The keynote here for me is that the identity allows for both powerful business intelligence (useful to both the provider and consumer of the identity) and personalization of product messages based on knowledge gained from knowing the identity of a user (browsing, chatting, sharing, using). Sounds like nothing new, except that the community has a way of proofing the identity through the relationships established with other users. There is a lot of self-policing and opinion that helps ensure presented data about a user is somewhat accurate. This makes any identity associated with a user and one or more communities much more valuable as a driver for BI or Personalization type activities.

Internally, Facebook is already delivering this BI and Personalization to its business customers; Some great eye opening examples for both products and services were in Alfred’s presentation. Starbucks, Coca-Cola/Energy Brands, BMW to name a few. Facebook does probably the best job today IMHO of softening identity relationships for public consumption using terms like “Friends” and “Fans”.

Two years ago experts knew that 75% of people look to social networks when considering product purchases as shown below. The impact of the identity will no doubt create an even wider gap between the average measures of “Cost Quality” (a McKinsey term from below) as it relates to the effectiveness of retailers with and without identities covered by their go-to-market strategy.

Externally, once other organizations finish getting a handle on their employee identities (something I am actively engaged with on a day-to-day basis with our products) they will begin to look outward and leverage the power of B2C and C2B identity relationships… with C representing the Social Community where their customers reside. There are certainly not many technology constraints here, although it may not be perceived that way by everybody.

The benefits, for example at a retail web site, include having individual consumer expectations more closely met with each interaction as long as that individual has a compatible identity. Logging in and collection of preference data are no longer part of the consumer experience. The Identity brings with it relationships between customers (in other social communities), relationships to feedback (direct and in other communities), knowledge about the customer (location, age, preferences) and drives each interaction, personalizing it and improving the experience for each subsequent potential customer or the return of an existing customer. For instance, imagine driving the customer directly to the two brands or models he or she is interested in without having them guide themselves through a retail site on their own.

Businesses that have established customer identity stores will be the first to lead this next wave IMHO. Where will they learn about you?.. Just think of where you log in today; where you are part of loyalty programs today; where you participate in an online community today.

There is no need for consumers to worry about which Identity store will be the end-all (i.e. rush to OpenID, Google, Yahoo or Facebook now) and no need for retailers to fear being at the mercy of an identity provider for an information service fee. To help understand this point, think about the evolution of plastic in the wallet. Generally people prefer to minimize the number of change cards in their wallet. That does not stop them from shopping anywhere, and carrying either Interac, Visa or Mastercard. This same motivation will drive people to a single, portable, preferred identity (but not necessarily all from the same source). It will also push Internet sites to share their identities and any public meta data they have (anything you would know about your “friends” on Facebook), and allow them to be used anywhere. The providers that put up the first road-blocks on information sharing will likely find the end of the road, whereby they are bought “on the block”, re-thought and re-exposed in a more compatible, profitable manner.

Avatar powered by Debian based Linux

A few nights ago I watched Avatar for the second time in 3-D, in an effort to qualify the difference between regular 3D and IMAX 3D. The difference was astounding, both in the picture quality due to the 10x resolution jump IMAX frames provide, the super-sound and the fact that many scenes seemed to have far more depth with detail. One aspect in particular, people seem to agree with, is that the scenes with the holographic computer consoles had obvious clarity in both the foreground and background compared to the normal 3-D where computer consoles in the background just become a blurry mess. You could read the writing on truck tires, the side of weapons, and other small places that gave you a real appreciation for the level of detail.

The real highlight for me was not related to IMAX at all. It was when a colleague of mine shared with me the news that the super-computing power required for the animation, that supposedly delayed the creation of Avatar for James Cameron for more than a decade, came from a multi-core Ubuntu system. Awesome. My online source Jordan Hall is here.

The real facts of this mega-Debian-SMP system at Weta Digital are apparently:

  • 35,000 cores
  • over 4000 Hewlett Packard Blade servers
  • each minute of rendering equates to approximately 17.28GB of data
  • 10Gbit SAN
  • nVidia Graphics

Below is an impressive photo of the water cooling required for the system. It actually looks more like an HVAC room given the size of the pipes, and lack of any obvious computer related equipment.

Avatar Super Computer Cooling Pipes

I know of some other facts that may have a relationship at work here.

  • HP was an early adopter of Debian Support, making it an ideal hardware sponsor
  • “Toy Story” (1995) was the first feature-length computer-animated film, so successful it pretty much pushed hand-drawn animation to the sideline. It is also the source for all Debian distribution names. (Potato, Woody, Etch, Lenny)

Weta Digital were involved in “District 9” and “i,Robot” (which I enjoyed) among others.

Some other links with more info:
Information Management
IT World

This funny bit was added after the fact; Perhaps there is some magic in the storyline that goes beyond the animation. How Lost is related to Avatar

Google Gears Install Help for Ubuntu Karmic

Installing Google Gears is a piece of cake:

#apt-get install gears

This allows for offline blogging allowing you to make good use of authoring moments away from the Internet.

The interesting part is that neither Google nor Wordpress makes it that evident that gears is available via the packaging system for Ubuntu. The typical links on their respective help pages lead nowhere. Enough said, it is well documented here

A SMART view of Drive Health and Disk Integrity

One new feature found in the recent Karmic (Ubuntu 9.10) release is a nice Gnome desktop notification provided by a tool called Palimpsest Disk Utility that interrogates SMART drive information.

Upon upgrading from Intrepid to Karmic last November, I was presented with a new notification from this tool.
Palimpsest Gnome Notifier

Upon clicking with my mouse I was presented with some startling facts about my current drive health that have me wondering when my disk is going to fail. The details below suggest my data is in jeopardy and that I should start to plan a disk replacement in the near future. Since I run a RAID-1 setup the failure should result in a 10 minute disk swap at my convenience, and I look at this as more of an experiment. At nearly three months since first detection (who knows how long the issue was there prior to Karmic), my pseudo-dead Hitachi is doing quite well.
Palimpsest Smart Data

I have known about this type of information for a number of years and periodically used smartmontools to interrogate drives that sound funny, have been accidentally run hot for extended periods of time or exhibit other signs of impending failure. This is great for servers, where events from rolled-up syslogs are filtered by tools like logwatch which pass on key data for system administrators to act on. On my laptop however I do not run this daemon, preferring one less process running in the background, slowing my startup if only to send me an email (if my configured exim is even within reach of an outbound smtp gateway) or dump a few lines in a syslog file or a console screenlet I only peek at when something is obviously wrong.

For the convenient notification now in Karmic, I am grateful; I am sure others will also have more respect for this subtle addition when the time for impending disk failure is upon them. In my business operations we are pretty much split evenly with a strong Windows tier (running XP through 7 depending on tolerance for re-installation and cost justification) and a growing Linux tier running Ubuntu (Karmic at this point in time). I sure hope Windows 7 has something similar, as there is a lot of pressure to get the most out of laptop hardware as businesses are recovering from the recession.

IET iSCSI w/ VMWare VSphere 4.0

Today I was following up on some harmless messages I have been seeing on some iSCSI Initiators I have setup that provide disk to a number of ESX servers over a Gigabit LAN. It appears that there may be some limitations running the newest flavour of ESX with current IET. One recent comment from an OpenFiler forum which implements a similar configuration to the one used on our Debian Lenny servers states very clearly that IET may not be robust enough to handle peak disk I/O on an optimized Gigabit LAN segment serving VMWare VSphere servers. This post by alhall explains a lot what people have been seeing in some other OpenFiler threads I have been reading today.

In any event, it also has my eye on SCST, another iSCSI subsystem, that is not as mature from a packaging perspective but appears to be a future contender based on the current feature comparison.

The bottom line here is to stick with ESX 3.x with IET for now. As a side note, there are a few IET.conf performance tweaks laid out nicely here with explanations on what each does.

Reviewing the Hydro Smart Meter

A few years ago Toronto Hydro replaced my household hydro meter with a digital one (aka Smart Meter). Since logging in initially a few years back, I receive periodic updates reminding me of the fact that I can review my consumption levels and the impact of Time-Of-Use (TOU) billing online. Out of sheer curiosity, I decided to peek at my usage and perhaps stir up some interest with other individuals that have this same ability and do not realize it. After all, their web site states clearly,
Help Lead Energy Conservation
Generally speaking I believe most Torontonians should now be able to access their meter information through Toronto Hydro’s digital meter web site for residential customers. Below are three graphs of my usage for the same period in each of the last three years for comparison.
Fall 2007:
Hydro Fall 2007
Fall 2008:
Hydro Fall 2008
Fall 2009:
Hydro Fall 2009

Interestingly and surprisingly, our household has cut down on hydro consumption. Hopefully this trend will continue as there seems to be more motivation to do so now that data is easily reviewed in the web interface. I hope Toronto Hydro continues to improve this interface as it has a few issues around data selection and presentation that can make it a bit difficult to get the data you are looking for. Specifically the issues I discovered are:

  1. Some of the date range fields for the graphical output only function when you select data by billing periods, even though there are secondary input fields (yes two tabs for date input) for specific start and end dates, and the supporting data for any range is viewable when you export in XLS format.
  2. The tools are somewhat limited in their ability to do comparisons, i.e. there is no way to compare a range of dates from one year to another without comparing screen captures in a similar manner to how I have above.
  3. Some of the functions return errors when you enter older dates (2007,2008 in my case), suggesting the data does not exist even though the data is viewable in other functions and exportable in XLS format.

Of course some of this could be issues relating to the site rendering in Firefox 3.5 (on Ubuntu), but I would expect this not to be the case, as IE-only compatibility is really considered a bug by today’s standards IMHO. Likely they are aware of these issues, and simply waiting for a bit of user uptake to justify the investment in some updates and changes. Hopefully this post helps.

AMD-V issue using Virtualbox 3.1.x on Ubuntu Karmic

It seems that Virtualbox 3.1.x now implements a quick check to see if the hardware virtualization extensions are in use before launching AMD-V enabled guests. There seem to be two key issues with this change:

  1. Buggy BIOS’s that do not clear a VERR_SVM_IN_USE flag properly on boot
  2. KVM modules that set the VERR_SVM_IN_USE flag when they load on boot

Either of these issues will prevent a VirtualBox 3.1.x guest from loading with AMD-V virtualization enabled. Depending on what type of guest you are running, you may not even notice this issue. Some virtualized 64-bit guests may not even operate as they require the extensions to boot (vt-x error message). Other virtualized 32-bit guests, like my Windows XP 32-bit guest, will load without the hardware virtualization extensions running resulting in a performance hit. In this second case, if the little computer chip icon with the “V” is faded then you are not using the AMD-V extensions. Shown below is a working VirtualBox guest with active AMD-V (not faded) icon highlighted as it should be normally.
Windows 32 VirtualBox Guest

Any system that shows “svm” in /proc/cpuinfo may benefit from AMD-V extensions running a virtualized guest OS. On my dual core laptop this looks like:

imac@dv7z:~$ cat /proc/cpuinfo | grep svm
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow constant_tsc rep_good nonstop_tsc extd_apicid pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy 3dnowprefetch osvw skinit
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow constant_tsc rep_good nonstop_tsc extd_apicid pni cx16 lahf_lm cmp_legacy svm extapic cr8_legacy 3dnowprefetch osvw skinit

Examining the second issue, the current qemu-kvm package loads kvm which sets the VERR_SVM_IN_USE flag checked by Virtualbox, even if the modules technically are not in use (IMHO, this seems like a kvm module bug to set this flag). One workaround if you have the issue described above is to disable the kvm extensions using module blacklisting, and modify the qemu init scripts to honour the blacklisting configuration.

Step 1: Apply a quick patch to /etc/init.d/qemu-kvm, adding --use-blacklist to the code snippet below as stated in this Ubuntu bug report. This should appear in Karmic *proposed* sometime soon.

case "$1" in
  start)
    log_begin_msg "Loading kvm module $module"
    if [ -z "$module" ]
    then
      log_end_msg 1
      exit 0
    fi
    # --use-blacklist makes modprobe apply blacklist entries to module names too
    if modprobe --use-blacklist "$module"
    then
      log_end_msg 0
    else
      log_end_msg 1
      exit 1
    fi
    ;;

Step 2: Create a blacklist configuration file in /etc/modprobe.d to prevent loading of the kvm modules. My configuration, contained in a file I created, /etc/modprobe.d/blacklist-kvm-im.conf, is below, noting I used my initials in the filename to distinguish it from any current or future configuration files deposited by the package management system. Perhaps VirtualBox will ship with a similar one if this issue is not resolved with the KVM maintainers.

imac@laptop:~$ cat /etc/modprobe.d/blacklist-kvm-im.conf
#Workaround for KVM setting VERR_SVM_IN_USE flag
blacklist kvm
blacklist kvm_amd
imac@laptop:~$

Once completed the system should load without kvm confirmed by a quick check of running modules:

imac@laptop:~$ lsmod | grep kvm
imac@laptop:~$

Examining the first issue (Buggy BIOS), the simple thing to do would be to upgrade to a patched BIOS. Assuming the latest BIOS does not solve this problem, the second solution is to load the kvm_amd module and then unload it using the rmmod command. This actually clears the flag, and can be implemented in a simple startup script to work around a buggy BIOS until such point as the kvm_amd module behaves differently (IMHO, it really should not set this flag until it is in use, and likely should also detect an IN_USE conflict similar to VirtualBox) and/or a BIOS upgrade/alternate workaround exists.
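The checks behind Steps 1 and 2 and the load-then-unload workaround described above, as an added shell example that is not part of the original post. The function names, verdict words and sample files are constructed for illustration; the module names, the blacklist file contents and the svm flag come from the text.

```shell
#!/bin/sh
# Added example: audit the state the KVM/AMD-V workaround is meant to produce.
# File locations are parameters so the checks can run against sample files.

# cpu_has_svm CPUINFO -> 0 if a "flags" line lists svm as a whole word
cpu_has_svm() {
    grep -Eq '^flags[[:space:]]*:(.*[[:space:]])?svm([[:space:]]|$)' "$1"
}

# module_loaded NAME MODULES -> 0 if NAME appears in a /proc/modules style file
module_loaded() {
    grep -q "^$1 " "$2"
}

# module_blacklisted NAME DIR -> 0 if a *.conf in DIR has "blacklist NAME"
module_blacklisted() {
    cat "$2"/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*blacklist[[:space:]]+$1[[:space:]]*$"
}

# amdv_state CPUINFO MODULES DIR -> no-svm | kvm-loaded | not-blacklisted | ok
amdv_state() {
    cpu_has_svm "$1" || { echo no-svm; return 0; }
    for m in kvm_amd kvm; do
        if module_loaded "$m" "$2"; then echo kvm-loaded; return 0; fi
    done
    for m in kvm kvm_amd; do
        module_blacklisted "$m" "$3" || { echo not-blacklisted; return 0; }
    done
    echo ok
}

# clear_svm_flag: the buggy-BIOS workaround from the text; needs root, so it
# is defined here but not called. Naming the module explicitly bypasses the
# "blacklist" lines (modprobe applies them to names only with
# --use-blacklist), so this still works with Step 2 in place. kvm is removed
# as well because modprobe pulls it in as a dependency of kvm_amd.
clear_svm_flag() {
    modprobe kvm_amd && rmmod kvm_amd && rmmod kvm
}

# Constructed sample files standing in for /proc/cpuinfo, /proc/modules and
# /etc/modprobe.d (the blacklist file content is the one shown in Step 2).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir "$SAMPLE/modprobe.d" "$SAMPLE/empty.d"
printf 'flags\t\t: fpu vme lahf_lm cmp_legacy svm extapic skinit\n' \
    > "$SAMPLE/cpuinfo"
printf 'flags\t\t: fpu vme lahf_lm cmp_legacy\n' > "$SAMPLE/cpuinfo-nosvm"
printf 'kvm_amd 41556 0 - Live 0x0\nkvm 190648 1 kvm_amd, Live 0x0\n' \
    > "$SAMPLE/modules-kvm"
printf 'vboxdrv 1792628 0 - Live 0x0\n' > "$SAMPLE/modules-clean"
printf '#Workaround for KVM setting VERR_SVM_IN_USE flag\nblacklist kvm\nblacklist kvm_amd\n' \
    > "$SAMPLE/modprobe.d/blacklist-kvm-im.conf"

echo "after both steps:   $(amdv_state "$SAMPLE/cpuinfo" "$SAMPLE/modules-clean" "$SAMPLE/modprobe.d")"
echo "kvm still resident: $(amdv_state "$SAMPLE/cpuinfo" "$SAMPLE/modules-kvm" "$SAMPLE/modprobe.d")"
echo "no blacklist file:  $(amdv_state "$SAMPLE/cpuinfo" "$SAMPLE/modules-clean" "$SAMPLE/empty.d")"
```

On a live system the same call is `amdv_state /proc/cpuinfo /proc/modules /etc/modprobe.d`.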

VirtualBox AMD-V guests should load just like the XP screenshot shown above. This issue is being tracked in various places, including the following related links:

Enabling PGP Signature Verification

Recently somebody asked me about key verification and signing after noting that emails from some sources (in this case, the Debian Security team) contain key signatures for verification, and that by default the Evolution email client was not validating them. The simple answer is that by default Seahorse, the default key manager for Ubuntu Karmic, does not pre-populate public keyservers for lookup of digital signatures. The interesting thing is that even after making some straightforward changes to the Seahorse GUI which is supposed to manage your gpg.conf options, it does not enable the automatic key retrieval. The process should work in the future, and may be used by other applications via seahorse. Adding the MIT PGP keyserver and the PGP Corporation keyserver is straightforward. First, launch the Passwords and Encryption Keys application from the Accessories menu in Gnome (this is the Seahorse application), and add the following keyservers through the Edit->Preferences dialogue with their respective types:

LDAP:keyserver.pgp.com
HTTP:pgp.mit.edu
Seahorse Preferences

A quick search for the word ’security’ in both keyservers should produce some results verifying that they are working correctly. Setting the flag for automatic retrieval of keys from key servers will ensure that keys listed in the servers will be found by the Seahorse engine from that point onwards.

Unfortunately this does not solve the problem of Evolution looking up keys in these servers. Clicking on a recent email from Debian Security still gives the following output.

gpg: armor header: Hash: SHA1
gpg: original file name=''
gpg: armor header: Version: GnuPG v1.4.9 (GNU/Linux)
gpg: Signature made Thu 31 Dec 2009 11:35:23 AM EST using RSA key ID 02D524BE
gpg: Can't check signature: public key not found

The simple solution is to add the following lines to your .gnupg/gpg.conf file manually, noting that the file itself contains only a single line with a comment stating it is updated by Seahorse. Looks like a bug to me. I found this information in the Evolution FAQ. The modified file with two additional keyserver lines appears as follows,

# FILE CREATED BY SEAHORSE
keyserver hkp://pgp.mit.edu ldap://keyserver.pgp.com
keyserver-options auto-key-retrieve

Once complete, evaluation of the same Debian Security email automatically produced a wax seal. The output on initial read was as follows:

gpg: armor header: Hash: SHA1
gpg: original file name=''
gpg: armor header: Version: GnuPG v1.4.9 (GNU/Linux)
gpg: Signature made Thu 31 Dec 2009 11:35:23 AM EST using RSA key ID 02D524BE
gpg: requesting key 02D524BE from hkp server pgp.mit.edu
gpg: armor header: Version: SKS 1.1.0
gpg: pub 2048R/02D524BE 2002-03-19 Florian Weimer (HIGH SECURITY KEY)
gpg: key 02D524BE: removed multiple subkey binding
gpg: using PGP trust model
gpg: key 02D524BE: public key “Florian Weimer (HIGH SECURITY KEY)” imported
gpg: 1 keys cached (70 signatures)
gpg: 0 keys processed (0 validity counts cleared)
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: Good signature from “Florian Weimer (HIGH SECURITY KEY)

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C8D3 D9CF FA9E 7056 3F32 FA54 BF7B FF04 02D5 24BE
gpg: textmode signature, digest algorithm SHA1
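The log above reports both a good signature and a warning that the key is not certified by anything in the local trust database. The following added shell example, which is not part of the original post, separates those cases and accepts a message only when the full fingerprint matches one pinned in advance; the function names and verdict words are hypothetical, and the sample logs are abridged from the gpg output on this page.

```shell
#!/bin/sh
# Added example: classify gpg verification output such as the logs above.
# Function names and verdict words are hypothetical, chosen for this sketch.

# sig_verdict FILE -> bad | no-key | unknown | good-untrusted | good
sig_verdict() {
    if grep -q '^gpg: BAD signature' "$1"; then
        echo bad
    elif grep -q "^gpg: Can't check signature" "$1"; then
        echo no-key
    elif ! grep -q '^gpg: Good signature' "$1"; then
        echo unknown
    elif grep -q '^gpg: WARNING: This key is not certified' "$1"; then
        echo good-untrusted   # signature verifies, nothing vouches for the key
    else
        echo good
    fi
}

# key_auto_fetched FILE -> 0 if the key was pulled from a keyserver on the fly
key_auto_fetched() {
    grep -q '^gpg: requesting key .* from ' "$1"
}

# primary_fpr FILE -> primary key fingerprint with the spaces removed
primary_fpr() {
    sed -n 's/^Primary key fingerprint: //p' "$1" | head -n 1 | tr -d ' '
}

# accept_signature FILE PINNED_FPR -> 0 only when the signature is good AND
# the signing key's full fingerprint equals one obtained out of band.
accept_signature() {
    case "$(sig_verdict "$1")" in
        good|good-untrusted) ;;
        *) return 1 ;;
    esac
    [ -n "$2" ] && [ "$(primary_fpr "$1")" = "$(printf '%s' "$2" | tr -d ' ')" ]
}

# Sample input: lines abridged from the two gpg logs shown in this post.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/before.log" <<'EOF'
gpg: Signature made Thu 31 Dec 2009 11:35:23 AM EST using RSA key ID 02D524BE
gpg: Can't check signature: public key not found
EOF
cat > "$SAMPLE_DIR/after.log" <<'EOF'
gpg: Signature made Thu 31 Dec 2009 11:35:23 AM EST using RSA key ID 02D524BE
gpg: requesting key 02D524BE from hkp server pgp.mit.edu
gpg: Good signature from "Florian Weimer (HIGH SECURITY KEY)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C8D3 D9CF FA9E 7056 3F32 FA54 BF7B FF04 02D5 24BE
gpg: textmode signature, digest algorithm SHA1
EOF

# Copied from the log above only to exercise the comparison; in practice the
# pinned value must come from a source other than the keyserver reply.
PINNED='C8D3 D9CF FA9E 7056 3F32 FA54 BF7B FF04 02D5 24BE'

for f in before after; do
    log="$SAMPLE_DIR/$f.log"
    printf '%s: %s' "$f" "$(sig_verdict "$log")"
    if key_auto_fetched "$log"; then printf ' (key fetched from keyserver)'; fi
    if accept_signature "$log" "$PINNED"; then
        printf ' -> accept\n'
    else
        printf ' -> reject\n'
    fi
done
```

The 8-digit key ID in the keyserver request (02D524BE) is only the tail of the fingerprint, which is why the comparison uses all 40 digits. For unattended checks, the machine-readable lines from gpg's --status-fd option are a steadier target than this human-readable text.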

In the Seahorse GUI, this key now appears in my Other Keys section as it should too.
Seahorse Imported Keys

I cleared all the existing keys to demonstrate that the update works. After reading a few emails, checking again reveals that more keys have been automatically added.

Seahorse after reading a few emails

For each email with a valid signature, the wax seal now appears as well.

Evolution Signature Seal