The Great Ubuntu-Girlfriend Experiment has been making the rounds and has been quite amusing from many angles.

Ironically, I received this email from my Mom a few minutes ago:

“I keep getting a notice on the screen that I should install the latest version of Flash. Seems like nothing is working right this morning on the usual things I look at like the NY Times, eBay, etc. Is this all connected? Is the Flash Update free? What do I do? Help.

Mom
“

Sounds almost identical to the failures in the Ubuntu girlfriend experiment.

The kicker? My Mom is running OS X.

Ruby is a great programming language for many purposes, however, it’s weak when it comes to device support for embedded projects. That said, one package that helps bridge the gap is the Ruby-SerialPort which, as its name implies, provides the classes needed to access a system’s serial port from Ruby.

Ruby SerialPort works very well with Mac OS X, Leopard on an Intel or PPC Mac (I’ve tested both), even though it hasn’t been updated since 8/27/2003. Versions of Ruby SerialPort are said to work fine on Windows and Linux, though I’ve only tested it on Mac OS X. You can download Ruby-serialport from http://rubyforge.org/frs/?group_id=61&release_id=308

There are two steps to installing it. First you need to compile the C code that comes with the download. Assuming you have the GNU compiler installed (for Mac OS X, just make sure your XCode tools DVD is installed), it’s as simple as this procedure:


ruby extconf.rb
make && sudo make install


Here’s an example of building Ruby SerialPort on OS X Leopard:



Then, to test it out, connect your serial device, identify the device port on your host system (”COM1:” for windows or “/dev/tty.KeyspanSerial1″ for example on a *nix type box). Next take a look at the example code here that uses Ruby SerialPort to talk to an Arduino (another piece of open source hardware I’ve mentioned in the past):

http://www.arduino.cc/playground/Interfacing/Ruby

Modify the port_str variable in the example to point to the device port on your system, adjust any baud rate or framing attributes, and run it with ruby.

I hooked up a KeySpan USB to Serial adapter to connect my Mac to a serial GPS and was able to see NMEA sentences flowing in through the ruby test application. Very nice, very handy.

On my workbench, I have multiple serial GPS’s, a Nokia LCD that’s driven by serial, several LANtronix devices that translate serial to IP data and I’m sure if I dug through the archeology on my bench, I’d find other examples.

Part of the reason I was looking for a Ruby serial solution was that I am working on a serial multiplexor to combine up to 5 serial data streams into one so microcontrollers with one serial port can still talk to many serial devices. I wrote the firmware for a Propeller ( a cool 32-bit 8-way multi-processor microcontroller - and a topic for another post sometime) to multiplex the data from devices like GPSs.

I used Ruby SerialPort and Ruby code on my Mac to parse the multiplexed packets in and out of the propeller. As a basis for some of the firmware, I used the FullDuplexSerial.spin code that’s open source (MIT).

Here’s a picture of my prototype serial multiplexor - the Propeller board is the blue board and some test serial devices are connected to it:

FYI - Because serial data devices are still so ubiquitous (in the form of RS232, TTL, USB, SPI, I2C), an excellent book on serial port software and hardware development is:

"Serial Port Complete: COM Ports, USB Virtual COM Ports, and Ports for Embedded Systems (Complete Guides series)" (Jan Axelson)

Long live serial. And thanks to the Ruby SerialPort project for making a cool add-on to Ruby.

MacFUSE is one of those packages I always knew I needed but didn't know it existed or even what to call it. MacFUSE lets Mac OS X treat a remote ssh accessible server as a mounted disk resource. Upshot: I can use any of my Mac OS X tools directly on a file that lives on a remote Linux box. MacFUSE is an OS X implementation of FUSE (Filesystem in Userspace). Google licenses it "New BSD", an OSI approved open source license. You obviously still need to be cognizant that the file system lives remotely because it's easy to abuse or forget, but given that caveat, this has to be one of the most useful pieces of software I've installed in a long time. MacFUSE project page says it will support other file system types than sshfs, but currently it looks like sshfs is it - that's enough for me. Thank you, Google.

There's an interesting article on the Discover magazine website called "Long Live Closed-Source Software" written by Jaron Lanier. Jaron is a colleague of Richard Stallman though they are philosophically opposed. A quick summary of his thesis is that though the trendy thinking in synthetic biology includes incorporating the worldwide collaboration ideas (aka web 2.0 - whatever that is) and techniques used in open source, that truly innovative work cannot be done open source. Jaron cites examples such as the iPhone and Macromedia (Adobe) Flash as examples of closed-source systems that could never be created by open source processes. Furthermore, open source is a hindrance to innovation by causing brain-drain - my summary of his point that good talent is side-tracked by working on open source. He refers to Linux as a polished knock-off of closed-source unix and the general open source mentality as 70's. He concludes that applying open source ideas and ideals to synthetic biology will not result in an explosion of innovation as touted. As an adjunct he maintains that science, as currently practiced, is open enough and that the incubation period of an idea or hypothesis must occur in a closed environment so it can be protected (like a cell wall) and refined until the point it's ready to release for public review. He makes a lot of good points but also glosses over many and I think takes a stunted view of computing history and market economics in the 80's and 90's. Before Linux and Windows, for example, unix vendors, including Sun and AT&T, failed miserably to supply the market with what it needed: a solid, extensible operating system running on inexpensive hardware. The market was very fragmented, especially in the unix desktop arena and the software and hardware for unix platforms was still considered very expensive. I remember early in my career at Prime Computer, I worked on a port of System V Unix to the Prime 50 series minicomputer and I had printed out the entire source code for System V and was carrying it around in my backpack for study like I had a state secret. After all, Prime paid dearly for a license to System V and if I got mugged, someone would have the source to System V. It seems incredibly silly now. The commercial unix market prior to Linux is a counter example to Lanier's closed source arguments - it was an abysmal failure of closed-source, commercial efforts to give the market what it needed. The commercial unix market had over two decades to fill the vacuum even as Microsoft and Intel plowed the way to inexpensive hardware and software in the 80's and 90's. The irony of course is that it took the adoption of a single hardware platform and to a large degree a single software platform to reach an economy of scale where diversification and mass innovation was possible. Without WinTel, where would Linux be? To his point that integrated circuits and microprocessors are the end all in encapsulation and the pinnacle of closed-source development, I think it's another example of why it may take a mass commercial effort and the rewards that come with commercialization in order to provide a platform for an industry. Any capital intensive development does not lend itself initially to open source. However, once it's reached the mass market stage, the monopoly doesn't lend itself to innovation - stagnation will ensue. In order to build a platform upon which sustainable innovation can occur, historically speaking, it's true that major investment must come first, but that's hardly the end of the story. The mass market in silicon was well established in the late 80's and early 90's. However, I can remember a discouragingly stagnant period of several years when the world had either expensive mainframes/minis or lowly PCs with DOS and no one could think of any more innovative things to do with a Terminate and Stay Resident program or a dot-matrix printer. Then came the internet. The development of the internet is well documented. It was not a closed-source effort and was a government funded initiative at the outset. It expanded by establishing open standards, designing in diversification, providing reference implementations. This was followed by a period of huge investment, commercialization and technology transfer. That in turn enabled mass collaboration world-wide in every topic known to man which continues to this day. If the government funded IP of DARPA was instead incubated commercial/closed-source, how would it ever have sprang to life? It's like any civil infrastructure project - contrary to libertarian views, individuals aren't out to build their own personal toll roads. So, was the explosion in innovation brought on by the internet a result of open standards, government funding, entrepreneurs, close-source, or open-source? It seems to me to be the height of arrogance for any one driver named above to claim responsibility for creating the internet (remember Al Gore?) and by proxy, for enabling all the innovation to come from it. Lanier's argument that closed-source is the only way to true innovation seems patently false given the all-time best platform for innovation, the internet, was not and is not a closed-source development. I think the best argument for closed-source innovation is that it may still be the fastest technology accelerator we have found. However, as the history of Unix shows, closed-source isn't a guarantee for innovation or for giving the market what it needs. Once successful in a narrow band, closed-source methods have a hard time scaling when you consider the vast expanses of the internet or entire fields of science and discovery. For that scale, open source and collaboration between government, commercial and private interests is the only model we've ever seen work. The synthetic biology argument he makes could well be true but only within the narrow confines of jump-starting an industry the way Apple, Microsoft, and Intel did with personal computers. But in the comparison of computing history and innovation, to get to an "orgy" of synthetic biology innovation, it will take open standards, government funding, a massive commercial investment, consolidation, and technology transfer, not to mention an actual market need. That's a tall order for closed-source thinking. Pure commercial innovation and closed-source development, while necessary, is not sufficient for mass innovation.

I was thinking the other day about software that I use every day but is unobtrusive….so much so that I forget I'm using it. Besides the normal embedded software in consumer devices, one of the first packages that came to mind was DenyHosts. DenyHosts is a Python script and system which effectively stops brute force login attacks through secure shell attempts on Linux. If you've ever put up a server on the internet that allows secure shell logins, you will have seen hundreds, even thousands of ssh login attempts per day. The script kiddies are still alive and well and polluting networks with their vain brute force logins. They must succeed just enough to never give up, but DenyHosts can put an end to all that for anything you have to manage. You'll need Python, 2.5.1 will work fine, as the only prerequisite. Download the package from http://denyhosts.sourceforge.net and follow the well written installation instructions. Within 15 minutes you can have it running and protecting your box. DenyHosts monitors the security logs of your server and parses out the sshd failed login attempts. After a configurable number of failed attempts, it then adds those IP addresses to the hosts.deny file your TCP stack will obey. Anything in that file will be automatically denied a TCP connection to your machine. You can set the interval at which it processes the logs, but in practice, I've never seen DenyHosts process taking many cycles so I have mine set for frequent looks. The most powerful feature of DenyHosts is the ability to automatically share attack data with the community and then download lists of IP addresses aggregated from all these attacks. You can set an update interval to pull the new lists. I have mine set at 30 minutes and nearly always it's pulling 10 to 15 new addresses each time. The addresses will age out after awhile…just like everything else in DenyHosts, this is user configurable. If your system has been attacked by an IP you don't already have in your deny list, you can optionally configure your DenyHosts to share that IP data with the central server. So, it's possible to pull deny host lists and not put back any attacks you see, but there's not much reason to not share your data too. It's rare, but it does happen that servers I have installed DenyHosts on will push a new denied IP upstream. DenyHosts is simple to install, configurable almost to a fault, and extremely effective at cutting out brute force login attempts. Give it a try next time you put up a new box or if you don't have anything in place on your servers now to cut out brute force login attacks.

Recently, an odd set of coincidences made me wonder if, as a society, we’ve gone over the line in technology dependence.

Item 1) A Quiznos sandwich store was getting ready to set up shop in the lobby of the OpenLogic building. Signs announcing its arrival met every entrant. A huge, heavily bolted Quiznos kiosk was stashed in the corner trying to look unobtrusive. Then, it just went away. Signs explained it was moved to another building in the office park. The reason (not explained on the sign)? They couldn’t get a comm line for their credit card machine.

Item 2) I took my son to Red Robin a few weeks back. When we finished and asked for the check, we waited and waited. Eventually, our server came by to apologetically explain that their “system went down.” We waited for at least 20 minutes after our meal was done. Back at the server’s station, I could see a Windows logo coming up, then disappearing like a drowning sailor - no doubt it was bobbing repeatedly with a Ctl-Alt-Del dunking. Finally she came back with a hand-written ticket and credit-card charge slip. Their system never came up. By the time my charge showed up on my account it was for several dollars more than I had signed for. Just enough to not make it worth the bother to contest it, but just enough to feel like they stuck it to me.

Item 3) OpenLogic engineers often go to Heidi’s Deli, but on more than one occasion, we’ve been turned away right at the start of the lunch rush because they couldn’t take cards. They blew an entire 2 hr lunch window.

In all 3 cases, the business ground to an halt due to lack of basic, working technology and no support. In 2 cases, the businesses decided they couldn’t even make a sandwich without a network connection. In all cases, there was no alternative process in place to conduct business.

Have we become so dependent upon business technology that the average street vendor in Bombay, armed with a cell phone and enough inventory to fit on a rickshaw, could out-hustle a successful national sandwich franchise?

Most people who work with me know I'm not a big fan of Eclipse though I do use it from time to time for typical Java tasks. I also used it several years ago with CDT to do C++ development for some GIS projection code and it worked well for that task. Recently, I used Eclipse for something I've never used it for before: writing firmware. I like building GPS related devices and software applications and bought an Olimex SAM7 P256 development board so I could start learning the ARM core architecture and specifically the SAM7 microcontroller from Atmel. The SAM7 (S256 flavor) is a 32bit RISC microcontroller that has 256KB of built-in flash memory for holding firmware and 64KB of RAM. It incorporates two serial ports, an analog to digital interface, a plethora of digital GPIO ports, built-in USB physical level support, and has SPI (Serial Parallel interface) which is a low-level (register level) mechanism commonly used for communicating with external flash devices like SD and MMC cards. The device runs on 3.3 volts and needless to say, has a lot of functionality packed into a low-power package that is smaller than a postage stamp. The Olimex development board which incorporates the SAM7 looks like this: This board breaks out all the GPIO and serial interfaces, adds a themistor for measuring temperature, a few buttons to exercise GPIO, and provides a JTAG interface. JTAG is a physical and electrical standard used to both flash new firmware into embedded devices but also used to source-level debug embedded code running directly on the platform — in the olden days, this functionality was encapsulated by a huge machine, ICE (in-circuit emulator), which cost thousands of dollars. In fact, one of the ways the iPhone was cracked was through a builtin JTAG interface embedded deep in the iPhone. JTAG is one of those ubiquitous technologies that flies under the radar - it is everywhere if you know where to look. I bought a JTAG for ARM programming device (~ $70) which works in conjunction with Eclipse and a package of GNU ARM cross-compiler tools called Yagarto (Yet Another GNU ARM Toolchain.) That tool chain, along with an excellent tutorial written by Jim Lynch, got me up and writing C code for the SAM7 in about 1/2 hr (not counting download times.) This is a picture of my setup - the Olimex board connected through JTAG to the Olimex JTAG programmer which is USB to my laptop development environment: In order to use JTAG, Yagarto incorporates an open source JTAG middleware piece called OpenOCD (Open On-Chip Debugger.) OpenOCD's main task is to be the mediator between the Eclipse, ARM cross-compiler binaries, GNU GDB and the JTAG programming device itself. OpenOCD's gdb service is not used to flash the device, just debug with it, but OpenOCD software is involved with flashing the device. There's a special build target in the Eclipse project that defines an OCD script for flashing the device. Using Eclipse and OpenOCD, I was able to single-step through lines of C code in my Eclipse environment though the code was running directly on the SAM7 board. Considering everything that was going on in order to make that happen and considering the cost of the software development tools was $0, this is nothing short of impressive. Some shortfalls in the environment that I found were mainly 1) productivity tools for embedded development in Eclipse are very lacking. For example, I wanted to easily be able to look at a hex dump of memory, but there's no simple way to do that (no way that I found.) 2) after running through one session with OpenOCD and JTAG, in order to reflash my device, I had to unplug the device which kills/disconnects OpenOCD, and then reconnect to reflash it. 3) there are some odd breakpoint issues with OpenOCD and JTAG which limited the ability to set hardware breakpoints…I would often have to clear all breakpoints right after starting a JTAG debug session before I could get anything running again. There are other commercial embedded tools that work much better but cost thousands of dollars to get into. So, given the price and functionality of this solution, I can live with those limitations - this package was good enough for me to develop an SPI SD/MMC flash memory card driver, for example. I also developed a non-interrupt serial driver with it. It's plenty good to do real work with. So, there's a new use of Eclipse that partially redeemed it in my eyes.

Given all the interest in wind energy these days, and the fact that I live in a very windy area, I decided to start measuring wind speed and direction. I found some inexpensive, robust wind instruments, a cheap AVR microcontroller, and set out to build the firmware using an open source C compiler, WinAVR, based on the GNU gcc for Windows. I mounted the wind instruments on my garage and fed the signal to the AVR controller I have in my home office. The AVR microcontroller spits wind speed data out the serial port which is connected to the Linux box. That server turns the wind data into an XML file that's served by an Apache web server. I wrote an example Flash application which reads the XML and adjusts some graphical meters in near-real time (every 5 seconds.) I've released the project as Open Source under the Apache v2 license for the software I wrote. Take a look at OSCirrus.see-do.org for more details, schematics, sensor construction, and downloads of source code. Since I've put up the sensors, I've captured some huge and sustained gusts of wind. Here is a snapshot of the Flash-based GUI that shows the speed history during a severe wind storm that had gusts up to 60mph: So, dig in, have fun.

Background In this article, I'm going to take you on a quick tour for configuring virtual hosts on apache, but then leave you with the one tip that glues it all together. Normally if you're hosting a web site on Linux/Apache, your ISP is handling all this for you, but if you're like me and like to maintain various personal web sites that don't get a lot of traffic, you can put up a Linux box on your DSL connection and have all the disk space and freedom you want to manage your server and try out new technologies. Apache does a great job of hosting independent domains on the same instance through its virtual host capability. All domains can have the same IP address - Apache sorts it out based on the request URL and multiplexes the request to serve it from the correct document root/web site. Apache stands there as a traffic director giving the illusion that each site is completely independent despite they all live on the same server and use the same IP address. That's the basic model of shared web hosting, but you can use it for yourself to maintain your own server with multiple domains on the internet. How To Configure a Virtual Hosted Apache 2 Server If you haven't already, as root, create an /srv/www/vhosts directory # mkdir -p /srv/www/vhosts Then for each domain you want to host on the server, create another subdirectory under vhosts that contains the name of the domain. For example, I have a personal site called sawdust.see-do.org that I use to stash and document various technical projects I have on the side. I have another site I use to host an open-source project I started called OSCirrus.see-do.org (a wind measurement microcontroller, firmware, and instruments project.) With those two sites as an example, my /srv/www/vhosts directory will look like this: lcox@flash:/srv/www/vhosts> ls -l
total 2
drwxr-xr-x 18 lcox www 648 2007-05-03 18:25 oscirrus.see-do.org
drwxr-xr-x 14 lcox www 496 2007-05-18 08:34 sawdust.see-do.org
Depending upon who's going to be updating the site, you'll want to change the ownership of the site directories. In this case, I used my own user account, 'lcox', as the owner and 'www' as the group. Under these domain directories is the normal content you would see for a web site that lives under an Apache htdocs directory, for example. Now, over in your Apache config file, typically in /etc/apache2/httpd.conf you'll see what amounts to a template for virtual hosting in the form of an Include directive. If it's commented out ("#"), then uncomment this line: Include /etc/apache2/vhosts.d/*.conf Under the vhosts.d directory, you will create a configuration file for each of your domains; in this example, I created two .conf files…one for oscirrus.see-do.org and one for sawdust.see-do.org. Note, you don't need to match the file name with any domain in particular. That is the conf file name is arbitrary, but in practice it will reflect some part of the domain name it's describing. I created the files from a template Apache gives you called vhost.template which lives in the same directory:

lcox@flash:/etc/apache2/vhosts.d> ls -l
-rw-r–r– 1 root root 4203 2007-04-12 19:46 oscirrus.see-do.conf
-rw-r–r– 1 root root 4196 2007-04-11 20:31 sawdust.see-do.conf
drwxr-xr-x 2 root root 48 2007-03-17 19:41 vhosts
-rw-r–r– 1 root root 9147 2005-09-09 15:33 vhost-ssl.template
-rw-r–r– 1 root root 4237 2005-09-09 15:33 vhost.template
So, just do a: # cp vhost.template mydomaingoeshere.conf for example, to get a virtual host configuration for your domain. Inside that conf file is nothing special, but you will need to change the various Apache directives to reflect your domain specific names and locations for things like access and error logs, the server name, admin email, etc. These are all exactly like the normal Apache directives of a non-virtual domain, so nothing special needs to be noted. The critical directive to change will be the ServerName - for example: ServerName oscirrus.see-do.org In order for your new changes to take effect, you need to restart Apache which takes just a few seconds. A typical way to do this is: # /etc/init.d/apache2 restart Domain Registration Assuming you have registered your domains at a registrar such as Network Solutions, DirectNIC, GoDaddy (or any number of the others out there), you will need to login to your registrar account and point the domain to a DNS server. I use ZoneEdit for DNS services because I can very easily repoint a domain or subdomain to a new server and the changes take effect almost instantaneously without having to repoint my domain at the registrar. So, all my domains at my registrar point to DNS servers at ZoneEdit and then at ZoneEdit, I resolve the domain's address to the IP of my server that's behind my DSL connection. So, if you haven't already set up your domain registration and DNS, you'll need to do that before any of this can begin to work and insure you can reach your server from elsewhere on the internet. I won't cover how to do all this since DNS procedures are really well documented and there a 1,000 ways to do it. Finally, Here's the Glue Tip Everything above is pretty self explanatory, well-trodden territory, and the Apache files do a great job of leading you to the virtual host water. You can do all that correctly and still hit this one nasty problem. If you have multiple virtual hosts and you try to request a URL from the 2nd or 3rd host, for example, you'll always get the page from the first virtual host - a maddening state of affairs. So, here's the one line of glue code that's not included in the typical Apache conf template that makes it all work. Over in the /etc/apache2/httpd.conf file, immediately above the Include directive for the vhosts.d conf files, you need to add a line: NameVirtualHost *:80 In context it will look like this: # this NameVirtualHost is critical otherwise any virtual host request will only
# resolve to the first one
NameVirtualHost *:80
Include /etc/apache2/vhosts.d/*.conf
Summary There are lots of tutorials on the net for setting up virtual hosts, but none that I found cover that one magic line - you'd have to dig it out of google/forum posts or somewhere else. So, hopefully, this a) spurs you on to try virtual hosting on Apache and b) saves you a bunch of time trying to figure out how to make it work.

When I first read the Microsoft saber rattling article in Forbes a week ago where Microsoft claimed open source projects including Linux, OpenOffice and others violated 235 of Microsoft's patents, my first thought was: "Is that all?" Out of the millions of lines of code those open source projects represent, the idea that they allegedly violated 235 patents is absolutely amazing considering there are patents granted on the most mundane things like transferring data from one computer to another over a network. I would have thought the number of violated patents was much, much higher. If Microsoft would have made the claim that open source projects violated exactly 8,154 patents, I would have believed it. Imagine trying to commute to work in a Tokyo subway and not rub up against anyone else or step on a foot. That's the visual picture of the patent landscape today. Given how loosely and freely the patent office hands out its goods, it's not an exaggeration to say it's impossible now to create a product without violating a patent somewhere. The question isn't whether a patent is violated when new software is developed, the only question left is whether a patent holder somewhere will press its case. If your product is successful, it's a given you'll have to defend. Microsoft might be the poster child of frivolous patents, but recently when Steve Jobs announced the iPhone and claimed their development resulted in over 500 patents (applied for or awarded, I don't know the exact details), he was bragging about how innovative they were, but it's truly a sad day when one device can lay that much claim in the intellectual land grab game that's been going on for the last 15 or 20 years in technology. The iPhone will be a distant footnote in technology history by the time its patents expire. To be sure, Microsoft must see patents as a double-edged sword. No doubt, frivolous patents have been used to extract money from the company. So, in some ways I can't blame them for puffing up their patent portfolio for defensive purposes, but the threshold they're using to activate those defenses seems to be lowering day-by-day. Either they're getting weaker, feel more vulnerable, or open source is getting stronger for these kinds of PR skirmishes to be breaking out into the open.