Subversion + SSH – Close but no banana

About a year ago, I switched my primary source code control system from the venerable old CVS to the (relatively) new kid on the block, Subversion. On the whole, I’ve been ecstatically happy with the system. It patched many of the ridiculous problems with CVS, and added on things that opensource community has been asking for for ages (like ‘rename’), but never made it into CVS.
Now I have all my projects stored in SVN, and my main client is using it as well for their code (they’ve chosen to go with SVN and are planning to End Of Life their VSS server – to the dismay of no one).
Subclipse
One of the best tools that made this switchover workable (aside from SVN’s similarity CVS in many respects, particularly on the command line) is the Subclipse plugin for Eclipse. Subclipse provides a great easy to use interface into SVN servers, giving all the functionaly one would have on the command line via a very simple, tightly integrated GUI.
One thing that had been bugging me, however, was the access methodology I was using to get to my (remote) SVN server. It involved setting up a tunnel in SecureCRT (though Putty can do it as well), and then telling subclipse to use my ‘svn://localhost/stonekeep’ repository.
SVN+SSH configuration under EclipseWhile doing some surfing, I found that Subclipse supports the svn+ssh syntax for specifying the repository. “Great!” says I, “I won’t need to set up the tunnel each time!”
A few more fiddles, a pleasant discovery of a configuration screen in Subclipse, and I had an SVN over SSH connection to my repository, even using my ssh key pair.
Danger, Will Robinson!
But wait! All is not well. When I tried to browse the repository from Subclipse, I quickly hit this error:

Could not open file system at /var/lib/svn/stonekeep
(13)Permission Denied: Berkley DB Error while opening environment for file
system /var/lib/svn/stonekeep/db:

This vexed me, because I had been having no problems accessing the repository locally on the server, and over my ssh tunnel. Both used the locally running ‘svnserve’ on the repository host, so why wasn’t the svn+ssh connection using it?
The answer comes in the SVN documentation, and via a little research:

What’s happening here is that the Subversion client is invoking a local ssh process, connecting to host.example.com, authenticating as the user harry, then spawning a private svnserve process on the remote machine, running as the user harry. The svnserve command is being invoked in tunnel mode (-t) and all network protocol is being “tunneledâ€? over the encrypted connection by ssh, the tunnel-agent. svnserve is aware that it’s running as the user harry, and if the client performs a commit, the authenticated username will be attributed as the author of the new revision.
When running over a tunnel, authorization is primarily controlled by operating system permissions to the repository’s database files; it’s very much the same as if Harry were accessing the repository directly via a file:/// URL.

The Problem With This
I’m really unhappy with this model. The problem is that now the user must have read/write access to the entire repository tree. When using a local socket connection (or one over ssh via a normal tunnel), the Subclipse client connects directly to the svnserve process running on the repository box, and interactions with the server happen under that processes ownership.
The svn+ssh protocol does not use the svnserver on the target machine. It tunnels the command to a user-invoked svnserve process, and that process must have read-write access to the repository.
“Well gosh, that doesn’t seem too bad. What’s the issue?”
The issue is that to make this methodology work, I have to give the user read/write access to the repository tree. Meaning, they could happily type ‘rm -rf /var/lib/svn’ and destroy the entire repository. Even worse, the configuration files (including the password / access file, which has passwords in plaintext) must be made available to the general users.
Why svn+ssh doesn’t simply make a local socket connection to the svnserve process already running, I don’t know. But I can find no way to make that happen.
The fix?
As far as I can tell, there really is no direct fix for this. There are various workarounds, which the SVN documentation discusses, including setting up an ‘svn user’ for the svn+ssh logins, and the possibility of using unix groups for permissions, but I feel that if you have a listening socket server on your repository host, you should use it, not introduce a second methodology and have to jump through hoops to implement it.
For now, I have to abandon the svn+ssh possibility, and go back to my hand-configured socket tunnels. There’s no real loss here – they work remarkably well, are very secure, and quite stable. The slight annoyance of having to open up a SecureCRT session before doing work in Eclipse is just that – a slight annoyance. I’ve dealt up until now, and I’ll just continue to deal.

primark

Something Terrible Happened to my Headphones

The other night I decided to go out to dinner at the local CPK, and brought my MZ-RH1 along to listen to tunes while reading.

“Odd,” thought I, “why am I not getting any sound out? The player is running, the display is showing levels, dang, I wonder if I blew out the internal amp during the recording session the othernight? Nah, couldn’t be.” I resigned myself to a musicless evening, and went on with my dinner.

When I pulled the player out again the next day to see what was wrong, I plugged it into my desktop speakers, lo, it worked! Something odd with my headphones, I gu… oh dear. Oh my.

Apparently Lila decided that my headphone cable would make a tasty snack, and gnawed away on them for a bit. Fortunately, she chose the ‘headphone’ segment of the wire, so I can replace them with any generic mini-stereo jack equipped ‘phones. I was rather fond of the Sony headphones (which had the ‘one long, one short’ wiring arrangement that let one earpiece have a wire around the back, thereby leaving only one wire going from the unit to the ‘phones). They had great sound and were reasonably comfortable for ‘earbud’ style phones.

Ah well, I’ll haul out a pair of iPod headphones I have lying around and assume the mild-mannered demeanor of an Apple drone until I can replace my chewed up set.

Strictly Hamburger Coding

I ended up with a sort of special bonus afternoon today as Cat is off in town, and Zach is over his friends house. The basic idea was to make up for a very interrupted week of work and try to get some long-neglected work out of the way.
Mostly, it worked quite well. I got caught up on a couple things that had been nagging, and that’s good. But what really got me grooving was working on… well, a project that a couple folks know about, but I’m not -quite- ready to release to the public. I’ve been referring to it simply as the “Secret Squirrel” app, or just ‘The Squirrel’ for short.
What’s been good about this has been the basicness of the design and implementation. I’ve been spending SO much time delving into the deep complexities of EJB3, JBoss, Hibernate, and more recently Terracotta, I don’t get much of a chance to just sit down and whack out simple code.
Today had 2-3 hours of basic grunt ‘hamburger’ coding, to borrow a phrase from MASH. No fancy libraries, environments, or oddities. Well, okay, one new library that handles OpenGL rendering, but everything else was basic data application coding and design.
It felt good! It sort of underlined where I’ve gotten with Java programming over the last 2 years or so, and now basic coding is second nature. Eclipse has become my environment of comfort, whether it’s running on Windows or Linux (in fact I’m leaning toward moving back to Linux full time soon – with both machines up and running cleanly on my desk, I find myself doing more on the Linux box than on Windows… but I digress…) , and the Java OOP approach to program development Just Plain Makes Sense. It’s nice.
Tomorrow it’ll be back to EJB3 and Terracotta land, and all the mysteries therein, but for now, I can look at what I did today and do a “That felt good!” happy dance.
And the code even worked.

A successful geocache find!




Photo_032307_002

Originally uploaded by eidolon.

Zach and I took some time this afternoon to haul the bikes out and go on a geocache hunt. I had been trying to do more of this last fall, but various problems with my receiver got in the way, and we weren’t able to find anything.

I’m really frustrated with how poorly my Mobile Crossing Waypoint 200 works (or, in many cases, doesn’t work at all). It’s been back for repair 3 times now, and even in it’s best mode, it ‘only sorta works’. The Windows Pocket PC is woefully underpowered for the task at hand, and frankly, the software sucks. Navigating around it is too similar to working on a desktop machine, and I guess Microsoft -still- hasn’t gotten the hint that a handheld device is NOT just a smaller screen for Windows. The interface is completely different, and 14 different ‘start’ mechanisms just add to the confusion.

At any rate, with the weakness of the platform, combined with the poor software from Mobile Crossing, I never quite got any navigation system working to my comfort.

For this trip, though, I downloaded GeoNiche, a Palm application that worked fine on my Treo. It had it’s own interface problems, to be sure, but it did happily connect with the Bluetooth GPS ‘brick’ from the Mobile Crossing device, and I was able to carry both in my pocket. Once I got my target defined (a Cochituate Lake View cache), we were able to do the normal “Walk around and get closer with hints, and yay, we found it!” path that most geocachers are used to.

This was the first ‘new’ cache Zach and I had found together, and it was pretty exciting on all fronts. It was challenging because my assumptions of the first location were wrong, and we ended up on the wrong side of the lake. “The arrow keeps poinging .2 miles that way. But… that’s the other side of the lake! Alright, back on the bike!”

A nice hike up into the woods, and GeoNiche got us within about 10′ of the final location. A little rummaging around, and lo, we found a wonderful old ammo box under some wood, with lots of little toys and notebooks and the like.

This particular cache had not been visited for over 2 months, but everything was nice and dry inside. We signed the book, didn’t take anything because we hadn’t brought anything, and tucked it back in it’s hiding place.

A really nice day out. We’re going to do more this summer, now that I -think- I’ve ironed the bugs out of the process.

I tried, I really tried.

While working on yawl this morning, I finally had had enough. I just can’t get my head around Gnome and what to me are very poor design decisions. Without much fanfare, I installed the Kubuntu KDE packages on yawl, restarted X, and was happily back in KDE land. For those curious on how to install KDE on Ubuntu:

sudo aptitude update
sudo aptitude install kubuntu-desktop

I completely replaced the GDM login system with KDM, and after a restart, all was restored.

Why did I make this choice? I’ll freely admit I’m a lot more comfortable with KDE than I am with Gnome, but in the interest of learning, and that it seems most folks are defaulting to Gnome in their installs nowadays, I decided to try it. I lasted about 2 months before the frustration level got to be too much.

Here’s a brief summary of why I switched back.

  • Dumbed-Down interface
    Gnome has made many decisions to ‘dumb down’ it’s interface, so it is not as ‘intimidating’ to new users. In doing so, however, it’s made the interface too sparse, too simplistic, and frankly dull.

  • Audience targeting is wrong
    The choices that Gnome has made in their interface seem to fall into two categories. The first is the aformentioned ‘dumb’ mode. Make the interface simplistic and boring to avoid confusing users. The second set of choices is ‘make it not look like Windows’. My question here is “WHY?” The number of ‘new’ users on the planet right now who have never touched windows is incredibly small. Of those that fit into this category, many are Mac users. So building an interface that deliberately avoids any of the ‘existing’ UI designs is a ridiculous approach. What audience is trying to be targeted by making those choices?

  • Deliberately limiting power users
    I’m a power user, I admit it. I will tweak, update, and modify my desktop the way I want to. I enjoy doing it within the paradigm of the environment, to understand the design philosophies that went into it. The Gnome interface appears to either be “Dumb dumb dumb, it looks like this, maybe in a shade of blue”, or it is “Edit the gnome registry to get what you want.” The entire desktop experience seems to have been shoved into “We make a pretty window manager, everything else is up to you to hack.” KDE’s desktop, applet, toolbar, and UI tuning is vastly superior, with mature, stable, and complete tools for doing whatever you’d like. These tools also stay out of the way unless you need them. Another bonus.

  • Konqueror
    I can’t say enough about Konqueror. Gnome’s equivelent to the filesystem browser, Nautilus, is a sham. It looks like something dragged out of the Amiga days, and never updated since. I would never even remotely consider doing serious file manipulation work with Nautilus. Konqueror has a long history of stability and growth and expansion. Nautilus appears to change with every gnome release.

  • KIOSLAVES
    And this is the final win. Because KDE is truly an integrated desktop environment, it’s quite possible to define alternative IO methods. An excellent example is the ‘fish’ kioslave plugin. It allows urls within file open/save dialogs that reference a remote SSH server, just as if it were part of the local filesystem. When I do a screenshot with ksnapshot, I save it to a bookmarked location called “fish://boomer.homeport.org/home/dbs/public_html” – which pops up in my Save as… dialog, as if it were a local filesystem. This occurs in all KDE applications. Bookmarks, kioslave pointers, links I’ve defined – they’re all there in the file save/load dialog.

I recently had a conversation with an old friend of mine who, while his wife’s computer was down, decided to give her a try on Ubuntu linux, running Gnome. They set up Thunderbird and Firefox, and let her work on it. She was intensely frustrated and annoyed at the environment, because it was totally UNLIKE windows, which she had worked on for years. This deliberate ‘breaking’ of paradigms that users are used to, for no other reason than “We don’t want to be like windows”, is, I believe, one of the major reasons Linux desktops do not have more widespread use. The interface is TOO different, and too hard to understand, despite the ‘dumbing down’. The intuitiveness level is non-existent, so people will not want to use it.

Gnome folks, sit down with the KDE people and start learning about UI design. Shut down your emacs editors and bash prompts and learn how the rest of the world has advanced beyond these poor outdated models. Perhaps you’ll begin to understand that a desktop is not just pretty graphics on top of shell prompts, and start designing accordingly.

On being without an office, and shades of things to come?

Today was a great example of the ups and downs of being without an office. I’m sure most folks realize that, being a fulltime consultant has it’s positives and negatives.
I’ve been on the job with this client for over 2 years now, and things don’t look like they’re going to slow down any time soon. My job description can best be summed up as “Platform Architect” – designing this company’s next generation architecture. The work involves a lot of research, tinkering, exploring, and learning – the deliverables are rarely better defined than “Come up with a way we can do X”
On the one hand, I get a very open and free schedule, with no hard deliverable deadlines, no “What? You’re leaving at 4:55?”, and all the long lunches I could want. On the other hand, I don’t get the typical office interactiveness most folks take for granted. My ‘office’ at home is an L shaped desk with all my computers on it, which is all of 3′ from my bed. A ‘break’ is walking from there to the kitchen to make coffee. It can get a little lonely.
Fortunately I have lots of folks I chat with on IRC and interesting stuff to research, but sometimes I just Gotta Get Out.
My current favorite watering hole is Panera Bread in Framingham, MA. It’s all of 3 miles from the house, conveniently on the way to Zach’s school, and they provide free wireless. That, combined with a $1.50 cup of coffee that can be infinitely refilled and a set of comfy chairs by a fireplace, makes for my Office Away from Home for the times I just need to get out.
This evening had me settled into said Comfy Chairs[tm] working on long and vexing problem trying to… (if you’re averse to long strings of corporate buzzwords, technology references, and other geeky-hoi-palloi, you might want to skip to the next paragraph)… trying to get JBoss AS, running under EasyEclipse to fire up in a standard configuration, allowing for a Terracotta server to act as a DSO cluster server for instrumented classes as distributed in an EJB3 based SOA. The twitch was getting JVM versions to match so the boot-class wrapper for the JVM would allow for the Terracotta cluster to come up, and be accessible remotely from the JBoss hosted app.
Got that? Okay – the nutshell of this was – I got it working. With not a little help from the Terracotta folks on IRC. The baselien concept for this stuff is fascinating, but implementation, when much of this is still in ‘beta’ form, can be maddeningly difficult to get working. In the end, it’s all running, and now I have enough structure in place to actually learn the system.
What made this interesting was about halfway through this intense mishmash of XML configuration files, crashing applications, and “wait, what version of what is where?”, I heard a familiar voice in the background… after a few minutes I looked around, and chanced to run into Dwight, who was picking up some edibles for his family. It’s unusual for me to see someone I recognize during my ‘work day’ (even though it was in fact about 6pm), but I found myself sort of pleased at the interaction.
What does this have to do with my future? A lot, since sometime in the next 3 months, Mosaic will be breaking ground. This means that soon my home office will include our common house, where I’ll happily be able to sit in front of a fireplace on a comfy couch, and pretty much everyone I see wandering by will be someone I know very well.
How wonderful.

Kids Programming?

There’s been a lot of chatter around the net lately about trying to find programming and introduction to computers-type software for kids to learn on. I mean, we all know where we started, right? TRS-80 and a READY prompt, or the wonderful ] prompt. 5 1/4″ floppies, simple programs, and tinkering through the weekends were how we learned.
But how do you get a young one into these environments nowadays?
There’s been various attempts at a ‘kids’ software environment, things like Logo and the like. The problem is nowadays finding implementations that are either free or useful. The only real Logo environment I’ve been happy with is KTurtle, a Logo implemention for the KDE desktop. On the one hand, I’m terribly amused that by far the best Logo setup I’ve seen REQUIRES Linux to run, and at the moment, Zach doesn’t have a Linux desktop to work with. This sorely tempts me to set it up for him, I have to admit.
But Logo has limitations as a fully useful programming environment. In the modern age of “games a click away”, kids really want to start writing adventures and excitement right off the bat. We all remember spending weeks debugging “PICK A NUMBER FROM 1 TO 10” programs. How do you code Tetris in a few weeks when you’re still learning your multiplication tables?
A long time ago I read an article on SmallTalk in BYTE magazine (yes, a REALLY long time ago, like 1980). It was a discussion about object oriented languages and environments, and described the model of “Everything is an object”. At the time, it was somewhat of an intellectual oddity, though many folks really got into it.
Apparently there is an outstanding opensource project to build a comfortable Smalltalk based environment that can be geared toward kids. It’s called Squeak, and I first learned about it associated with the One Laptop Per Child project, which incorporates some of the Squeak environment. Once I got past some of the initial environment oddities, I found that Squeak provides a platform independent runtime environment, where object-oriented programs can be run compeltely independent of the OS they’re running under. This means apps written on a Mac will work fine on a PC or a Linux box.
Squeak really isn’t something ready to take on the Windows desktop or an environment to write accounting packages in. However, in educational circles, distributions in Squeak have really gotten quite a following. The Squeakland site is designed for educators who are looking for Squeak based information.
I’ll be writing more about Squeak as I get more and more comfortable with it, but unless someone else tells me about another educational / intro to programming environment that’s available for kids, that does NOT require a commercial license, Squeak is where I’m going to put my energy.

Books on Treo? Sure, why not.

During some random chattering online, I pointed a few folks at David Weber‘s works. I’ve really enjoyed the Honor Harrington series. Talk about pure unadulterated space opera. Big capital ships, multiple system alliances at war, fleet operations, and military politics all rolled together into a coherent and rich universe. Fantastic.
I have gotten in the habit of picking up each book as I go on my regular road trips. I usually finish one per visit, and there’s something like 14 books, so things are moving along nicely. I had also heard that Weber had published all the books onto CD, which sounded like a mighty inexpensive way of getting the material, but I didn’t relish having to haul my laptop around to read a story over a slice of pizza.
The other night I came across the Baen Free Library, a series of books that are available, for free, from the publisher. I highly recommend folks take a look at this page, where Eric Flint has an excellent commentary on copyright and why the current “brass knuckles” approach to enforcement is the wrong way to go.
At any rate, navigating around, I happily found the next book in the series I was looking for, and went “Hmm, I guess this should be put onto my Treo. I’ve been meaning to give this a shot…”
Off to Mobipocket to pick up an e-book reader. A quick sync later, and lo, I have the new book, and a reader, on my Treo.
How well does it work?
Surprisingly well. I admit I was a little leery of trying to read what has always been a paperback-sized book on a screen only 3″x3″ in size. Mobipocket does a good job of making it as painless as possible. I found myself settling into a comfortable reading pattern once I had made some small preference settings (go full screen, when scrolling to the next page don’t overlap lines – show the entire next page, etc etc). I think my one nudge is that a screen only holds about 1/4 of a page of text, so to read a single page, I have to ‘tap’ somewhere on the treo to tell it to go to the next page. Fine if I’m holding it in my hand, but when I’m eating lunch, it’s tedious to have to reach out and tap the screen or hit a button every 15 seconds or so. If there were a way to make it, oh, I don’t know, change pages when I tap my foot or something, that would be something. I guess I’ll have to wait on that toe-interface.
Commentaries on E-Books
So, it comes back to E-books. There’s been chatter for years about the idea that electronic book readers would replace paper books. Folks could just download the books they want into their reader, and they’d never need a paper version. Why hasn’t it really caught on? There is an electronic book market, but it’s tiny compared to the volume of paperbacks in the wild.
For me, it’s a combination of DRM and pure practicality. If I spend $6 on a paperback, I have it, I own it, it’s there. I can read it anytime I want, I can toss it on the shelf, come back to it in 10 years, and read it again. I can loan it to a friend, I can make notes in it, I can let my son read it. If I spill a drink on it, it gets wet. Then I dry it off, and read it again. If I run over it with the car, I can still read it, though it might be a bit mooshed.
If I spend $6 on an e-book, I have… a file. That file is most likely encrypted, and cannot be moved or copied around freely. I have to store it somewhere, perhaps on my Treo. I will not have this Treo in 10 years, so what do I do with the book? Store it on a CD? Okay now I have to make copies of it to a CD, and store that CD on a shelf. In 10 years, will anyone actually own CD readers that can read the filesystem on it? How about in 20 years? 30?
Or, if I download the book, put it on my Treo, and oops! I’ve mistakenly deleted it. Or the file got corrupted. Poof, it’s gone. The publishers will happily say “No problem! Just re-download the file” – assuming you can prove you own it, and the publisher is still in business, and you have the license key. Try that in 5 years. Or 15.
No, I don’t see E-books replacing paperbacks. The DRM issue is first and foremost a dead end roadblock, because there’s no working around these problems. The physical issues of ‘keeping track of media’ is something people can work on, and come up with their own solutions, but unless the media is free, there’s really no point in investing in a book collection where someone else holds the keys.

I’m not dead yet!

A brief life update for ya’ll.
First, I’ve been down sick for the last 2+ days. It started late Friday night after a lovely evening in town at Knitcetera. I was feeling a little sluggish on the way home, and by Saturday morning I knew I had Some Nasty Thing. I’ve been running a fever, doing the ‘really painful sinuses’ thing, and coughing off and on all weekend.
Due to the magic of Nyquil, I actually got about 6 hours of sleep last night, so I’m feeling almost human this morning, but that nice sheen of sweat is still with me. Gotta love it.
Further geekiness shall ensue when I can actually focus on something for more than 5 minutes. Lots of nifty projects going on, as well as updates on past ongoing doodles.
Stay tuned, campers!

Internet Radio Station Activism Alert!

I normally don’t post political activism stuff, but this one is too important to ignore.
The finest internet radio station on the net, Radio Paradise, is under threat of being legislated out of existence, due to the big record companies’ influence on the US copyright office.
As stated on RP’s home page:

For some time, we’ve suffered with a system where we pay a large chunk (10%-12%) of our income to the Big 5 record companies – while FM stations and radio conglomerates like Clear Channel pay nothing. Now they want even more. In our case, an amount equal to 125% of our income. Our only hope is to create as much public awareness and outrage about this staggeringly unfair situation as possible. Neither the record industry nor Congress are ready to listen to us at this point. But members of the media may well be, and we need to get their attention.

Please click through to Radio Paradise to see what you can do to prevent fantastic stations like RP from being pushed off the public networks. For a more detailed analysis of the rulings from the copyright office, see Kurt Hanson‘s analysis.