marcelk.org

Yes, it is a bit early, but I came across a children’s book that will be great for Halloween: “Frankenstein Makes a Sandwich” by Adam Rex. It’s a collection of short stories and illustrations. With selections such as “The Phantom of the Opera Can’t Get ‘It’s a Small World’ out of his Head”, “The Mummy Won’t Go to his Eternal Rest without a Story and Some Cookies”, and “Godzilla Pooped on My Honda”, it is fun for kids and adults. Especially adults. The art is really well done, and the rhymes roll off the tongue. Enjoy!

I just installed a server to test Red Hat Enterprise Linux, and of course I want to pull the latest updates from the network, since the DVD I have is obviously out of date. So I run yum (this is RHEL5), and after the updates are downloaded but before they get installed I get the following error:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186
Public key for gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm is not installed

Hmm. Some hunting around on Google and it’s not immediately obvious what the problem is. But here are a couple hints: (1) the first line is a warning, and isn’t where yum dies at. (2) the second line is one of the packages I’m trying to upgrade.

It turns out that the warning really is the key to the problem. A read through “man rpm” indicates that the RPMs I’m trying to install are signed, but the key to validate the signature isn’t present. (I would think of these as similar to x509 CA certificates, but GPG calls them public keys.) So OK, where do I get the key from? It’s already on my server in the /etc/pki/rpm-gpg directory, but the rpm command it hasn’t yet been told that it can use that key. To do that, run the command “rpm –import /etc/pki/rpm/gpg/RPM*” to import all the keys in that directory into the RPM database. Note that the “import” flag has two leading dashes, which is typically for an option with a long name. You probably need only the file “RPM-GPG-KEY-release”, so you can be more selective with the import if you wish. The rest of this article assumes you weren’t selective.

Keep reading “man rpm” in the section titled “Digital signature and digest verification”, and you’ll see that the key you just imported can be managed like an regular RPM. Do a “rpm -qa gpg-pubkey*” and you can see ones like the following:

gpg-pubkey-2fa658e0-45700c69
gpg-pubkey-37017186-45761324
gpg-pubkey-db42a60e-37ea5438
gpg-pubkey-897da07a-3c979a7f
gpg-pubkey-42193e6b-4624eff2

And do you see that one of these, “gpg-pubkey-37017186-45761324″, matches the “37017186″ back in the first warning at the top? Run yum again, and the updated RPMs get installed. Success!

Want to verify you got the right key installed? Treat it like an RPM.

$ rpm -qi gpg-pubkey-37017186-45761324
Name        : gpg-pubkey                   Relocations: (not relocatable)
Version     : 37017186                          Vendor: (none)
Release     : 45761324                      Build Date: Mon 10 May 2010 01:49:25 PM EDT
Install Date: Mon 10 May 2010 01:49:25 PM EDT      Build Host: localhost
Group       : Public Keys                   Source RPM: (none)
Size        : 0                                License: pubkey
Signature   : (none)
Summary     : gpg(Red Hat, Inc. (release key) )

Note that the version says “37017186″ (per the first warning above) and the summary says it is the release key (which comes from the filename /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release).

Want to clean up the other keys you probably don’t need? With names like “auxilary”, “beta”, and “former”, you probably don’t need them. Just keep the release key. So again, treat them like an RPM item:

# rpm -e gpg-pubkey-2fa658e0-45700c69
# rpm -e gpg-pubkey-db42a60e-37ea5438
# rpm -e gpg-pubkey-897da07a-3c979a7f
# rpm -e gpg-pubkey-42193e6b-4624eff2
# rpm -qa gpg-pubkey*
gpg-pubkey-37017186-45761324

Now you can cleanly accept signed release updates.

My home has a gas-powered hot water heater located in the walk-up attic (3rd floor). I’d like to give the architect a dope-slap for doing that. Especially when the master bath directly below the water heater takes the longest to receive the hot water. But the real reason why the attic location is an issue is because there have been two incidents where the water heater has leaked which ended up sending water spilling down the lower two floors. If only they could have put it in the garage. Sigh.

Anyway, one of the leaking incidents occurred recently. I just woke up the kids for school. I’m standing in their bedroom on the 2nd floor and asking myself, “why do I hear water running above me?” So I grab a flashlight and dash upstairs to the attic. There is water flowing out of the top of the water heater and down the sides, as if it has ruptured. At least the water heater is surrounded by a drip pan which drains outside the house. The drip pan was full to the brim, and just a little bit had spilled out. I quickly shut off the inlet valve on the water heater and the pan continued to drain. It looked like less than half a gallon had spilled outside of the pan, I consider myself very lucky. Time to call for a replacement water heater. I also take note to make sure the drain on the outside of the house for the drip pan is free of debris that may interfere with draining.

Since the water heater is in an attic closet bounded by the A-frame roof, there is limited height. It turns out that my water heater is a few inches shorter than the typical short model, so it is a bit of a specialty product that the typical big-box retailers don’t carry. So I need to call a real plumber. Although the plumber did a first-class job and was done within 4 hours of when I called them, it also cost me $1100. Ouch.

So while the plumber was working, I was my usual inquisitive self and was asking questions. And I had done some research on the net before calling the plumber. The typical lifespan of a water heater is about 8 years. Mine had died at about the 9 year mark, so it wasn’t out of bounds. The most common cause of water heater death is a build-up of sediment at the bottom of the tank. This sediment is present in the water supply, and simply settles while in the heater. There is a relatively easy way to flush out the sediment, which until then I had never heard of. Here is what the plumber told me:

The water heater should have on it what looks like a spigot near the bottom where you can attach a garden hose, just like the hose bib on the outside of your house you use to wash your car and water your garden. And once a year, you should do just that – a power flush. Get a garden hose (make sure it doesn’t leak before you do this), connect it to the spigot on the water heater, run the hose to a safe location (ie, a bath tub or out a window to outside), open the spigot on the heater and let the water blast though the hose for about 5 minutes. The water will be hot, so be careful that the hose and water output doesn’t hurt anyone or anything. Do not shutoff the inlet of the water heater, you want the water to blast out of the garden hose at pressure instead of simply (partially) draining the tank without pressure. The reason you want it to be pressurized is because of what is behind the spigot – a tube that causes the water flow to stir up the sediment on the bottom of the tank so it can be flushed out the spigot. When the 5 minutes are up, close the spigot (make sure it is fully closed), and remove the garden hose. Be careful of hot water that may still be in the garden hose while you are removing it.

You should do this once a year. I got a Sharpie pen and wrote on my new water heater “flush on March 15″. Had I known about this earlier, I would have done it and would expect a longer lifetime of my water heater. The plumber said that it should be possible to get several more years than average from a water heater that is well-maintained.

For my x86 machines at work, I’m all Linux. Frankly, I just don’t understand Windows Server. Yes, my laptop runs Windows because I have business apps that need Windows. But all the real work gets done by Linux or its Unix friends or mainframes. (I’m sure there are people who will disagree, but I digress). So when I got some surplus hardware that was a bit old, I wanted to put a 64-bit Linux OS on it, but wasn’t sure if the CPU was 64-bit capable. So how to tell? Some search results focused mostly on running Windows and looking at the Computer properties, but I’m not running Windows. Thankfully, there is an easy way. (Some people complain Unix is user-hostile. I think it is expert-friendly. But I digress again).

Get yourself a Live CD of your favorite distro. My current favorite is Fedora. A Live CD is a bootable CD that will let you run the OS without installing it on your hard drive. Yeah, when you shut down all the data is gone, and the Live CD does run slow, but it is a great tool for doing tasks like the following. Most Live CDs are 32-bit, but that is OK – you need the OS just to probe the hardware.

Get to a shell prompt and run the command “cat /proc/cpuinfo”. The proc filesystem is something I have come to love as I’ve learned more about Linux, but I digress yet again. The output of that command should look something like this:

[marcelk@alma ~]$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Core(TM)2 Duo CPU     E6750  @ 2.66GHz
stepping        : 11
cpu MHz         : 2000.000
cache size      : 4096 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi
mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx smx est tm2 cx16 xtpr lahf_lm
bogomips        : 5323.55
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

So out of all those lines, take a look at the one that says “flags:”. There are a bunch of codes there, the meaning for those codes is described in the file /usr/include/asm/cpufeature.h. The flag you want to see is “lm”. It’s an abbreviation for “long mode”, which basically means your CPU is x86_64 capable. So you can run 64-bit Linux, 64-bit Windows, or 64-bit whatever, even though you currently aren’t running it at the moment. If the “lm” flag doesn’t appear, then you can run only a 32-bit OS.

So yes, I can run 64-bit Linux on the computer above. And so… squirrel! … but I digress again.

This is one of those local things that you neither would have heard about nor believed until you see it. For a couple weeks in the spring in North Carolina, the pine trees dump a huge amount of pollen. I’m not talking about a little bit of pollen that a bee would gather, I’m talking about coat-the-world, make-the-atmosphere-dusty, clog-your-nose kind of pollen. The interior of my car is coated with a yellow dust. Every flat surface in the house has yellow dust. I have pollen tire tracks in my garage. When it rains, it looks like yellow paint was dumped in the gutters. It really is unbelievable.

For a quick photographic description, here is a picture of the stairs going into my office building. That yellow stuff is pollen. It’s kind of clear where people have been walking. The rest is not dust, not dirt. That is pollen. It comes from the long leaf pine. The prolific pollen is probably what permits this pine to grow like weeds around here. The good news is that it lasts a couple weeks and a good couple rains washes it away. But the really good news is that this pine pollen is too large to be absorbed into the bloodstream, so it doesn’t effect people.

Maybe it’s just a guy thing, but I was always liked traffic signs. Something about them is official, fun, and about going places. I always wanted to hang some for decorations inside my house, but stealing them is just wrong. So after doing a little research, I was surprised to discover you can buy them. New ones, the real things. Yes, we are talking the highly-reflective full-size mounted on thick aluminum, just like what your city or state uses. These are not the cheap decorations you find in the art supply mega-store.

Here is a sign I purchased and posted outside our laundry room:

I found 3 suppliers online:

• Rice Signs
• The Traffic Sign Store
• USA Traffic Signs

I’m sure there are more, but these are the ones I found. I made my purchase from USA Traffic Signs, and was serviced well. You may have a local supplier if you look in the phone book under “Barricades”.

The stock sign I bought was $18 plus shipping. Also possible but even more expensive are green street signs with whatever name you want (~$40). You can also get US Highway (route 66, anyone?) and Interstate signs with numbers you select, but those are more expensive ($40-60).

There are different sizes available. You probably want the smallest size. The larges ones on the side of the road look small, but that is because you are far away. They really are quite large, too large for a typical decoration.

Also look for the reflectivity: “engineer grade” (good) or “high intensity prismatic” (better).

And if you have an unusual thrist for knowledge about traffic signs, take a read through the Unofficial Manual of Traffic Signs. It even tells you which font to use in Photoshop to make it look real.

Now that you know where to honestly purchase signs, don’t steal any!

And if you are really into this kind of thing, how about a traffic light?

I do admit that the headline of Google providing 1Gbps ISP service did catch my eye. Even though it is a “test” in selected markets, here are some thoughts:

1) Ooh! Pick my market! I have cable modem service from my local carrier. It’s $55/month for 3Mbs downstream and 300kbps upstream. It’s been pretty reliable. The downstream hasn’t been bandwidth to burn, but has been sufficient for most tasks. (I strongly confess that it is a miracle compared to narrowband). On the other hand, the upstream has been paltry. I can do only one VoIP call at a time, and any uploads to Flickr or similar grind everyone else in the home to a virtual halt. There definitely is a limit on how much I can backup to Mozy. I would love to have just 1Mbps upstream – it would make a huge difference. And even 10Mbps downstream would give me some buffer space. I don’t think anyone will be using 1Gbps anytime soon (remember the “640k is enough RAM for anyone” comment from Bill Gates?), but an honest 100Mbps I think is really the sweet spot. I’d be willing to pay $100/month for 100Mbps symmetric.

On a related note, the limited upstream bandwidth is a thorn in my side. I would love to see some competition come in and challenge the incumbent providers to rethink their bandwidth asymmetry. I do not engage in the transfer of bootleg content. I use Flickr and Mozy. Why must your upstream policy make that painful?

2) We are being seduced into a monopoly. Back in circa 1999 when we were experiencing Google Search for the first time and saying “ooh, aah”, I remember someone saying “Google will become the next Microsoft”. (Remember the lock Microsoft had back then.) I was thinking, “Are you serious?” Fast forward 10 years. They were right. It scares me that Google could potentially own everything from end to end. The OS (Chrome/Android). The servers. The applications. The content. The network. It reminds me of what IBM was pitching during that same period: one throat to choke: PCs, operating system (OS/2), network (IBM Global Network), servers, middleware. Except that IBM ended up selling off the resources that became commodity. And they were geared toward enterprise customers, not consumers. But things are a bit different this time around. The network is much improved. Interoperability has made great strides. Google has a chance to own it all. Unlikely, but possible.

I don’t think Google ultimately has the guts nor the palate to deal with supporting end consumers, whether it is a cell phone or an ISP or anything else that requires more than online help, such as driving a service truck to your house with a backhoe and a ladder. I expect they’ll take a few dips in the water and end up not liking it. But maybe they’ll take persistence lessons from Microsoft.

3) The network is the computer (ref). The technology has matured to a point where it starts to become possible to leave your data and your app in the cloud instead of on your local hard disk. Cloud computing will mature to the point where you can secure your data in a public infrastructure. And virtualization will become so commonplace that you’ll look back and say “I can’t believe we didn’t do this before now.”

So 5 years from now, the current major players will still be there, but in different positions, with different upward/downward trends. There will still be competition, great progress, new up-and-comers, a couple players gone, and great expectations for the following 5 years.

Yes, sometimes small things bother me. We’ve had a vacuum cleaner that worked decent for a bunch of years, but is falling apart now. The brush is falling apart, the tools don’t stay attached to the hose, light bulbs last only a couple weeks, etc. I’ve replaced a bunch of parts on it, and finally my wife says “None of my tools work!” So time for a replacement.

After doing reading on consumerreports.org and Amazon reviews (which is one of the major reasons I purchase from Amazon) looking for a good performer at a decent price, I settled on a Hoover UH30010COM. Using it for a week, here are my impressions:

There are actually two cleaners in the package, the first is the upright which you expect, but for bonus points there is a small portable canister. The canister has a shoulder strap, or you can just carry it since it is decently light, and is great for doing a flight of stairs or cleaning the inside of your car, or sucking the cobwebs from the ceiling. It does require a bag (1 included) and is a bit noisy, but I find it nice and portable. My only complain is that there isn’t an obvious place to wind the cord, and not a place to park the long tube attachment and wide brush when they are not in use. Both of my boys were arguing about getting to use it to clean the stairs and other spots – we’ll see how long that lasts.

The upright is very lightweight. The UPS guy that delivered it said he was interested in one for his parents, I think it would be great for anyone with limited strength. It moves effortlessly across the carpet, it’s almost as if it has a power drive assist. It has a high/low setting, so you can tune it down if you want to be a bit more gentle or quiet. The power button lights up when it is plugged in, so you know if you have power. It has LED headlights for the floor instead of a incandescent bulb, so those won’t burn out. It’s more quiet than our old vacuum and seems to pull up more dirt. It has a large bag, inside of a zippered fabric pouch. Has a nice handle for carrying around, and the usual cord winder. It has rollers on the front of the base, so when you wheel it across a wood floor it isn’t rubbing/scratching as it goes. It claims to have self-adjusting height, which I don’t have experience with as our carpet is uniform.

Overall I’m very pleased. A good choice. It was $250 for both machines on Amazon. Don’t forget to get extra bags for both the canister and the upright (different bag types).

What is it with deer? You would think that they are used to being chased by predators and are careful to avoid getting hurt and watch where they are going, except whenever there is a car involved in which case they go kamikaze.

Friday evening I’m driving home from work. It’s dark, rainy, and I’m going about 50 mph down a 4 lane divided road. Then I hear a big thunk. That was not a pothole. I didn’t see anything before it happened. It felt like it came from the left side of the car, so I immediately look to the left. I see just on the other side of the window a close-up of a deer head, a doe. My brain says, “ok, you just hit a deer”. I look in the rearview mirror as I slow down and I see the deer get up off the ground and run off the road into the woods.

There isn’t anywhere to stop on the road I’m on, so I pull of onto the first side street into an apartment complex. First step is to take a look at the damage. I try to open the driver’s side door to get out, but it won’t open more than a little bit. So I crawl across to get out the passenger’s side door and walk around. It’s just bent sheet metal, and the side mirror is hanging down. The door has a good-sized bend, there is a couple dents in the fender. Sigh, first damage to this car.

I call the police, it turns out that a police report isn’t needed. I took it in to a body shop for an estimate. They will replace the fender, the outer shell of the door, and the side mirror. The insurance company has been really good to work with, they are covering it under my comprehensive coverage instead of the collision coverage, which for me has no deductible so it won’t cost me anything out of pocket. My friends say “oh no, this is your favorite call that you blogged about? We’re so sorry!” Yes, the car was in basic pristine condition prior to this. But I’m OK with it, although it is a pain it won’t cost me anything and it will be put back in pristine condition. So I take a deep breath and just deal with it.

Another week and it should be all fixed.

So as I’m looking at the damage waiting for the police to arrive, I’m thinking that if I had been a couple hundreths of a second later I would have hit the deer head on and it would have been a much more unpleasant outcome. So I do have things to be grateful for.

Last night we stopped for food as a burger and shake joint, the kind where there is no seating, so we were standing outside the order window waiting for them to bring out the trays of our food. Next to us is a couple trash bins, the tall ones with the the big flap. While waiting, I turn to look at my 5 year old daughter who has her head through the flap inside the trash can. Before I can yell at her to get her head out she says, “daddy, it smells good in here.”

I tell her that it will smell better when it is our own fresh food.