I don't usually disclose the oh-day on a blog, but this is important enough that you should all be aware of it:

<object height="265" width="320"><param name="movie" value="http://www.youtube.com/v/SXmv8quf_xM&amp;hl=en_US&amp;fs=1&amp;"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed allowfullscreen="true" allowscriptaccess="always" height="265" src="http://www.youtube.com/v/SXmv8quf_xM&amp;hl=en_US&amp;fs=1&amp;" type="application/x-shockwave-flash" width="320"></embed></object>

You can see a more realistic depiction of the attack here: http://www.youtube.com/watch?v=oDtvuCzDZgk

Read the discussion of this change on the golang-nuts mailing list. See this notice in UTF-8 format.

For each line, the scanner accepts, in place of the first operator, any of the remaining operators, and outputs a token whose string (set in $GOROOT/src/go/token/token.go) is the first operator.

! ¬

!= ≠

& ∧

&& ⋀

&= ∧=

&^ ∧¬

&^= ∧¬=

… …

:= ≔

<- ←

<< ≪

<<= ≪=

<= ≤

== =? ≟

>= ≥

>> ≫

>>= ≫=

^ ⊻

^= ⊻=

| ∨

|= ∨=

|| ⋁

To install, copy $GOROOT/src/pkg/go/scanner/scanner.go to another file.

Replace scanner.go with scanner.go

Run $GOROOT/src/all.bash and check for 0 unexpected errors.

Changes to scanner.go update gofmt, which accepts UTF-8 operators and outputs their ASCII equivalents.  This mkfile production rule uses gofmt as a preprocessor to create a sharable and compilable file.

%.go: %.ℊℴ

cat $stem.ℊℴ | gofmt > $stem.go

See these files for an example of each new operator form in the context of a simple Go program.

myscanner.ℊℴ

chan.ℊℴ

Please mail me privately if something doesn’t work with this code, to avoid noise on the golang-nuts list, since we’re no longer discussing officially-released code.

PL hackery:

http://www.cs.rutgers.edu/~ccshan/prepose/prepose.pdf -- Kiselyov, Oleg and Shan, Chung-chieh. Functional Pearl: Implicit Configurations —or, Type Classes Reflect the Values of Types.

http://www.cs.rutgers.edu/~ccshan/tagless/jfp.pdf -- Carette, Jacques and Kiselyov, Oleg and Shan, Chung-chieh. Finally Tagless, Partially Evaluated, Tagless Staged Interpreters for Simpler Typed Languages.

PL Theory:

http://www.cis.upenn.edu/~bcpierce/papers/lti-toplas.pdf -- Pierce, Benjamin C. and Turner, David N. Local Type Inference.

http://www.cis.upenn.edu/~bcpierce/FOOL/papers9/shields.pdf -- Shields, Mark and Jones, Simon Peyton. First-Class Modules for Haskell

Formally verified compilers:

http://www.cl.cam.ac.uk/~mom22/jit/jit.pdf -- Myreen, Magnus O. Verified Just-In-Time Compiler on x86.

Logic programming:

http://www.cs.sunysb.edu/~tswift/webpapers/tplp-submit.pdf -- Swift, Terrance and Warren, David S. XSB: Extending Prolog with Tabled Logic Programming

The daily show catches a McCain flip-flop. Four years ago:

The day that the leadership of the military comes to me and says "senator, we ought to change the policy" then I think we ought to consider seriously changing it.

But today when the leadership of the military asks to repeal don't ask/don't tell:

I'm deeply disappointed in your statement [...] In this moment of immense hardship for the armed services we should not be looking to overturn don't ask/don't tell.

There's also a good op-ed by John Oliver on why we should have a don't ask/don't tell policy on people approaching old age.

The Daily Show With Jon Stewart	Mon - Thurs 11p / 10c
A Few Gay Men & Women
www.thedailyshow.com
<embed allowfullscreen="true" allownetworking="all" allowscriptaccess="always" bgcolor="#000000" flashvars="autoPlay=false" height="301" src="http://media.mtvnservices.com/mgid:cms:item:comedycentral.com:263464" style="display: block;" type="application/x-shockwave-flash" width="360" wmode="window"></embed>
Daily Show Full Episodes Political Humor Health Care Crisis

If you hate 419 scams and you love pranks, you'll probably be a big fan of 419eaters. They scam the scammers, tying up their time and ridiculing them. Here's some brilliance from their forums, it's Western Union Man!

That's a picture of an actual scammer that the scam baiter got him to take of himself.

If you're looking for something elaborate, check out http://www.419eater.com/html/SkeletonCoast/safari2.html.

Every programmer has a variable naming philosophy. This is mine:

A name's length should not exceed its information content. For a local variable, the name i conveys as much information as index or idx and is quicker to read. Similarly, i and j are a better pair of names for index variables than i1 and i2 (or, worse, index1 and index2), because they are easier to tell apart when skimming the program. Global names must convey relatively more information, because they appear in a larger variety of contexts. Even so, a short, precise name can say more than a long-winded one: compare acquire and take_ownership. Make every name tell.

The information content metric gives a quantitative argument against long-winded names: they're simply inefficient. I internalized this metric years ago but only realized this phrasing of it recently, perhaps because I have been looking at too much Java code.

Собственно вот:

Подробности тут: http://inferno-hell.blogspot.com/2010/02/beagleboard-dviinfernogui.html (если, конечно, кто-нибудь сможет понять).

I dare you to watch this Frontline episode all the way through without IRCing, texting, blogging, checking your email, watching a youtube video or calling anyone up. I wasn't able to.

This article alerting us that Firefox trusts a Chinese root certificate has some people worried. There's probably good reason for this. But, the truth is that there are an outrageous number of untrustworthy root certificates in root caches of just about any browser. There is also a legitimate need for China to issue certificates. The more important issue here is that we all put our full trust in every one of these root certificates. Why? This violates the principle of least privilege. We would all be better off if SSL certificate authorities were bound to the domain system and limited in scope to a particular subdomain. For example, some certificates authorities should be able to issue certificates for dot-uk addresses, but a Chinese CA definitely shouldn't. But don't hold your breath waiting for this to happen. The certificate authorities make a metric buttload selling certificates for each and every  domain name you want to have an SSL certificate for. If CAs were tied closely to domains it would be possible to buy a single CA cert for your entire domain and you would be able to generate as many site certificates as you wanted to. End of revenue stream.

Go organizes programs into individual pieces called packages. A package gets to pick a short name for itself, like vector, even if the import statement must use a longer path like "container/vector" to name the file where the compiled code is installed. The early Go compilers used the package name as a unique identifier during linking, so that vector's New function could be distinguished from list's New. In the final binary, one was vector.New and the other list.New. As we started to fill out the standard library, it became clear that we needed to do something about managing the package name space: if multiple packages tried to be package vector, their symbols would collide in the linker. For a while we considered segmenting the name space, reserving lower-case names for standard packages and upper-case names for local packages. (Since package names and object file names are conventionally the same, one reason not to do this is that it would require a case-sensitive file system.)

Other languages simply use longer names. Both Java and Python tie the name to the directory in which the package is found, as in com.java.google.WebServer for the code in com/java/google/WebServer.class. In practice this leads to unnecessarily long identifiers, something Go tries to avoid. It also ties the name to a particular mechanism for finding code: a file system. One of the reasons that import paths are string constants in Go is so that it is easy to substitute other notations, like URLs.

Last spring, during a long discussion about how to divide up the package name space, Robert Griesemer cut the Gordian knot by suggesting that we allow multiple packages to choose a single name and fix the tool chain to cope. The import statement already allows introducing a local alias for the package during the import, so there's no linguistic reason package names have to be unique. We all agreed that this was the right approach, but we weren't sure how to implement it. Other considerations, like the open source release, took priority during most of 2009, but we recently returned to the problem.

Ultimately, the linker needs some unique name for each symbol in the program; the fundamental problem caused by deciding that package names won't be unique is to find another source of uniqueness that fits into the tool chain well.

The best approach* seems to be to use the package's import path as the unique identifier, since it must uniquely identify the package in the import statement already. Then container/vector's New is container/vector.New. But! When you're compiling a package, how does the compiler know what the package's import path will be? The package statement just says vector, and while every compilation that imports "container/vector" knows the import path, the compilation of vector itself does not, because compilation is handled separately from installing the binary in its final, importable location.

Last week I changed the gc compiler suite to do this. My solution to the import path question was to introduce a special name syntax that refers to “this package's import path.” Because the import paths are string literals in the Go compiler metadata, I chose the empty string—""—as the self-reference name. Thus, in the object file for package vector, the local symbol New is written "".New. When the linker reads the object file, it knows what import path it used to find the file. It substitutes that path for the "", producing, in this case, the unique name container/vector.New.

Not embedding a package's final installed location in its object file makes the object files easy to move and duplicate. For example, consider this trivial package:

package seq
var n int
func Next() int {
    n++
    return n
}

It's valid for a Go program to import the same path multiple times using different local names, but all the names end up referring to the same package:

package main

import (
    "fmt"
    s "seq" // changed to "seq1" later
    t "seq"
)

func main() {
    fmt.Println(s.Next(), s.Next(), t.Next(), t.Next())
}

prints 1 2 3 4, because it all four calls are to the same Next function:

$ 6g seq.go
$ 6g -I. main.go
$ 6l -L. main.6
$ 6.out
1 2 3 4
$ 

But if we change one of the imports to say "seq1" and then merely copy the "seq" binary to "seq1", we've created a distinct package, using lowly cp instead of a compiler:

$ cp seq.6 seq1.6
$ ed main.go
120
/seq
 s "seq"
s/seq/seq1
 s "seq1"
wq
121
$ 6g -I. main.go
$ 6l -L. main.6
$ 6.out
1 2 1 2
$ 

Now the s.Next calls refer to seq1.6's Next, while the t.Next calls refer to seq.6's Next. Duplicating the object actually duplicated the code. This is very different from the behavior of a traditional C compiler and linker.

A digression: the explicit "". prefix is not strictly necessary. It would be cleaner if the linker treated every symbol as needing to be qualified by the import path, so that all the "". could be dropped. But occasionally it's important to be able to break the rules, for example to define a symbol that is logically in one package be implemented in another. For example, the implementation of unsafe.Reflect is actually in the binary for package runtime, because that's where all the interface manipulation code lives:

$ 6nm pkg/darwin_amd64/runtime.a|grep Reflect
iface.6: T unsafe.Reflect
$

Another reason to use an explicit prefix is to admit names with no prefix at all, as would be generated by legacy C code. Otherwise, what should C's printf be in? If the linker enforced a strict boundary between packages, both of these examples would be impossible. Most of the time that would be a good thing, but systems languages do not have the luxury of stopping at “most of the time.” Last October, a few weeks before the public release of Go, I changed the linker to insert import path qualifiers on all names during linking, but it was too disruptive a change to commit before the release. Last week's implementation, which allows for semipermeable package boundaries, is a much better fit for Go.

This week Ian Lance Taylor is working on eliminating the global package name space assumption in gccgo. He'd like to avoid making changes to the linker, which rules out introducing a “this package” notation like "". Gccgo must be able to write objects that know their own import paths, which means gccgo must know the import path at compile time. But how? There will be a new gccgo command line option, and the build system will simply tell the compiler what the import path is.

In retrospect, I wonder if the effort of "" in the gc tool chain was justified compared to adding an option. The gc implementation is easier to use, but it's not clear how important that will be. Time will tell.

* An alternative approach would be to generate a random identifier each time the compiler is invoked and to use it for the package compiled by that run. When other packages import the compiled package, they can read the identifier and use it to generate references to that package's symbols. The most glaring problem with this approach is that the symbol names you'd see while debugging would be ugly, like mangled C++ names but worse. Another problem is that it would break aggressive incremental compilation: if fmt gets recompiled, all packages that import it would have to be recompiled to pick up the new identifier, even if the external interface hadn't changed. It would be nice to avoid those recompilations, especially in large programs.

MP4 Video Link or Livestream below:

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" height="340" id="preview-player1" width="340"><param name="movie" value="http://cdn.livestream.com/grid/LSPlayer.swf?channel=graverobbers&amp;clip=pla_5da534c4-5d1f-460e-adda-836aee4b514e&amp;autoPlay=false"><param name="allowScriptAccess" value="always"><param name="allowFullScreen" value="true"><embed allowfullscreen="true" allowscriptaccess="always" height="340" id="preview-player" src="http://cdn.livestream.com/grid/LSPlayer.swf?channel=graverobbers&amp;clip=pla_5da534c4-5d1f-460e-adda-836aee4b514e&amp;autoPlay=false" type="application/x-shockwave-flash" width="340"></embed></object>

Saturday, 3 January 2010 - coming soon, updated Qemu image with many new tools

Now that recent projects like writable /proc/pid/ns and rootless post kernel load startup have been announced on 9fans, its time to make a new version of the Qemu preinstalled image with all the new stuff. It will include the latest updates of the previous grid software as well as hubfs, grio, and the new startup process - all available optionally, along with the traditional default kernels and configs. However, I am going to try to make the customized environment as compelling as possible, because I'd like to make a good case for the idea that using multiple system nodes, virtualized or not, has practical benefits. Some goals:

• multi-machine aware startup to bind in fileserver and cpu resources early if available

• easier to make use of 9gridchan.org hosted resources - and 9gridchan registry needs more real services

• easy to set up highly unconventional namespace structures coexisting on a single machine (rootless boot helps)

• simple, scripted data replication and machine backup operations

• easy bootstrapping from grid of VMs to physical machines or mixed grid

Release goal is by the end of January, with a rough spin available for interested testers a week before or so.

Wednesday 21 October 2009 - Overdue Hubfs announcement - improved "screen" utility

Since this has been up on sources for several months now, I really should have announced this here already. Hubfs is an improved screen-like tool for Plan 9, implemented as a 9p fs with client. It is much more resource efficient than iosrv and, as a 9p fs, much better integrated into the overall system. The user interface is also much more sane. It can be installed from the source tarball contrib/mycroftiv/hubfs.tgz, or with contrib/install mycroftiv/hubfs. Basic usage is just 'hub NAME' to either start a new shell/hub session or connect to an existing. The manpage explains most of the details. Following completion of a solid version of hubfs I hit the burnout threshold as a result of several months of 16 hours a day of Plan 9 and retreated to a remote corner of namespace for a couple months. With the arrival of the winter months, however, I have a good excuse to turn on all my computers in the service of home heating, and undoubtedly this will result in a renewed burst of development energy.

Wednesday 8 July 2009 - Announcing Iosrv - "screen without a screen"

After several weeks of isolation in their underground lab, the /9/grid's craziest researchers are now unleashing upon the world our latest weapon in the struggle for an open collaborative decentralized worldwide grid:

Iosrv.tgz

Available on Bell Labs sources - contrib/install mycroftiv/iosrv or as a tarball contrib/mycroftiv/iosrv.tgz to mk install at your pleasure, or here - this is what happened when we decided to get serious about screen-like functionality for Plan 9 while also trying to pursue some tantalizing hints about some of Doug McIlroy's original ideas that led to the creation of UNIX pipes. Iosrv (which is controlled via a wrapper scrip called io for both the clients and server) does not emulate a terminal in the manner GNU screen does - instead, it follows the Plan 9 principle of staying close to file i/o fundamentals and provides multiplexed buffered pipes that can be attached to the three standard file descriptors used by textual environment programs such as the rc shell.

As a consequence of this, we have some new tricks, and here's the best one:

The clients attached to an iosrv can all share locally executing shells with each other in addition to using the shells on the iosrv host

The standard model of usage that corresponds to how GNU screen works is for clients to attach to an existing iosrv in an imported /srv (started with a command like io rcjul15 on the iosrv remote host ) using the io wrapper script:

io SRVNAME

This command connects to an existing /srv/srvname. Once connected, additional commands will be trapped by the client. To create and attach to new shells hosted by the iosrv remote machine with the command remote # where '#' is a multiple of 3. The first new shell might be created with:

remote 3

followed by subsequent shells created by replacing '3' with successively larger multiples of 3 as the number of backed shells increases. (Each shell uses 3 file descriptors) To move between shells after they have been created, attach # will connect to previously created rc shell Hubs.

attach 0

will move back to the set of file descriptors beginning at Hub 0. (More on Hubs in a moment). The new trick is to start a new shell like this:

local 6

which will start a new rc shell on the CLIENT machine, but connect its i/o file descriptors to the remote iosrv HOST. The consequence is that the locally executing rc becomes shared back to the iosrv, and other clients of the remote host can attach to it using

attach 6

and the shell running on your machine is available to them exactly as a shell running on the iosrv host. In other words, iosrv really does 'serve i/o' and doesn't care what's considered the client or server from the viewpoint of the user, it just pipes data back and forth to whatever its pipe Hubs are connected to.

Ok, there's that word again - Hub - the Hub is the low level data structure iosrv uses to organize connections. Following Pike's classic dictum that "data dominates", we are offering a new variant of an old abstraction, the pipe. A Hub is a pipe, but it has multiple nozzles on each end. It accepts multiple simultaneous readers and writers and allows them to connect and disconnect independently to and from the flow of data in real time. The core iosrv knows nothing of rc, or shells, it simply manages a set of file descriptors connected to Hubs. A standard shell has 3 open file descriptors, so 3 Hubs allow an arbitrary number of clients to all make use of the same shell. Adding a new shell simply means creating 3 new Hubs and then starting an rc using file descriptors managed by that iosrv. This why standard attach, remote, and local commands always take a multiple of 3 as their numeric parameter.

On the client side, a smaller program called ioshell navigates the forest of piped file descriptors for the user, acting to connect the file descriptors of the initiating client to the Hubs provided by iosrv. It also monitors user input for command strings and then takes actions or passes them to iosrvs ctl file as appropriate.

The iosrv is completely parallel, forking off independent processes for reading and writing each connected file descriptor. It is not uncommon for a busy iosrv to be coordinating 50-100 running processes and holding double that many file descriptors. This will not however clog the host system, because all processes use QLocks and/or blocking reads to control execution, yield execution frequently, and each Hub has individually tunable process cycle sleeptime. Testing shows that even a low resource Qemu based virtual machine can easily handle multiple simultaneous clients and servers to multiple local and remote rc shells.

The iosrv also provides fine-grained control over resources for the user, although the interface to this is a work in progress. Using iosrv for screen-like functionality is its main intended purpose, but the design is deliberately open-ended. It is already possible to use iosrv as a kind of greatly expanded 'tee' for data streams and we will be trying to prototype some multinode applications that pipe data around in constant loops between them.

We have been using iosrv heavily and testing it extensively. It is not perfectly polished but we have found it to be stable, reliable, and functional in its current state. Suggestions for features and code improvements always welcome.

Look for shared public shell exports as services in the 9gridchan.org 9p service registry soon, also.

Thursday 18 June 2009 - screen functionality in a few lines of rc

This is an extension of the earlier post - this is a pair of scripts intended to be used on nodes setup similarly to those described in 'reversed remote execution' - it allows shared terminals to have persistent state in the background with the ability to be pushed onto the remote clients (which are providing rio as a service).

#! /bin/rc
# start up an rc with its i/o connected to pipes set
# this monitors and its window should be set to scroll if not backgrounded

mkdir /tmp/wpin
mkdir /tmp/wpinclone
mkdir /tmp/wpout1
mkdir /tmp/wpout2
mkdir /tmp/wpout3
bind '#|' /tmp/wpin
bind '#|' /tmp/wpinclone
bind '#|' /tmp/wpout1
bind '#|' /tmp/wpout2
bind '#|' /tmp/wpout3
window -m
rc <{tee /tmp/wpinclone/data < /tmp/wpin/data1} | tee /tmp/wpout1/data /tmp/wpout2/data /tmp/wpout3/data


#! /bin/rc
# attach to a copy of grc using wpout $1 and push to a second wsys also

mount $wsys /mnt/wsys new
bind -b /mnt/wsys /dev
read -m /tmp/wpout$1/data1 | tee /dev/cons &
read -m /dev/cons | tee /tmp/wpin/data &
cat >> /tmp/wpin/data

The usage model is probably not exactly transparent from these scripts - the first script is named grc and it creates a set of pipes and starts an rc with its input and output redirected to them. This is what creates the 'screen' like functionality - any number of processes can control the shell by writing to /tmp/wpin/data, and as many clients can read the output as there are teed output pipes. Window -m is started after binds to provide a seed window - you will probably want to start more than one additional window -m to preserve access to the pipes in the namespace.

The second script I name getgrc and it assumes that you have set $wsys to a traget window system, then starts a new window on it and connects the i/o of both the remote and the local window to the specified output pipe. It should be noted that the quasi-screen functionality is independent of the idea of mounting a remote window system and using i/o from both/either location. If you want a simple screen equivalent, simply making the pipes and starting the rc with i/o redirections allows multiple clients to use it by connecting to the piped files.

Tuesday 16 June 2009 - Reversed remote execution connections and shared sub rios

An experience I continually have with Plan 9 is discovering that everything I have ever wanted to do with computers but have never been able to effectively before can be done with about 3 lines of rc and the standard Plan 9 toolkit. Right now I am gleefully exploring what I find to be an incredibly rich and useful set of possibilities created by rio-as-fileserver. First, let me describe the setup I'm using so you can follow along - you want two plan 9 systems for this, with at least one setup as a CPU server. A pair of Qemu VMs will work fine. Let's just assume you have a pair of CPU servers running, machines A and B, each with a graphical display, rio running, and with a standard exportfs listener on port 17007.

You are working using cpu server A, and your friend is using cpu server B. For convenience, we will describe this as if you have full privileges on each other's machines, but these tricks can also work fine between parties with more limited trust with appropriate modifications to how the filesystem exports are set up. Your goal is to use Plan 9 for some lightweight interactive resource sharing for real time communication and collaboration. Each of you opens a subrio within your main rio session. To start off, you need access to some of machine B's resources. You are working using cpu server A, and you start with:

import -c cpuB /srv /n/cpuBsrv

Now you want to write a message to your friend that will appear on his screen in a new window briefly.

wsys = /n/cpuBsrv/rio.friend.68962

window -m rc -c 'echo hi fred && sleep 5'

And up on Fred's screen on machine B pops a window saying 'hi fred' that sticks around for 5 seconds, then vanishes. How and why? Because rio is a fileserver, and the window command mounts whatever rio is specified in the $wsys. The window command is actually an rc script that can show us the principles involved for a lot of nice tricks. How about just popping up a window to talk back and forth:

mount /n/cpuBsrv/rio.friend.68962 /mnt/wsys new

bind -b /mnt/wsys /dev

cat /dev/cons &

cat >/dev/cons

And you have created a window on your friends screen, with each of you able to see whatever the other types. This is a perfectly functional and usable way to communicate, and the ability to initiate the connection by making the window appear on demand in the 'shared' rio is an improvement over other simple equivalents like telnet or netcat based direct chat.

Another very simple and useful application is to allow your friend to run an interactive rc on your machine, with the display on his system, while you watch. In other words, he is using your machine in a manner similar to a telnet/ssh login, even though you 'pushed' the window onto his machine. The first two setup lines are the same as before:

mount /n/cpuBsrv/rio.friend.68962 /mnt/wsys new

bind -b /mnt/wsys /dev

exec rc -v < /dev/cons |tee /dev/cons

Now you can watch in real time as your friend uses your system. You can also easily invert this - and let your friend watch what you are doing. Just change the final line to:

exec rc <{tee /dev/cons} |tee /dev/cons

This changes the source of the controlling input to the shell from the remote /dev/cons to the local standard input. I believe both of these simple interaction models provide useful functionality in very direct ways. The real-time mirroring of the textual input and output in a shell window is provided without any of the usual overhead of a tool like VNC viewing and the use of a sub rio session as a container for the shared windows makes sandboxing via namespace manipulation very easy - and it should be noted that sharing a rio service is very different than providing full cpu server functionality, as only the functionality of rio is being exposed to the remote client. These simple filesystem and i/o based operations provided fine grained real time connectivity options with lower overhead and potentially greater security than the predominating methods.

The above commands are very simple and can certainly be improved upon - in particular the standard error is being abused and the prompt and errors will be suppressed for the remote user. I'm certain a lot of Plan 9 users out there have nifty improved versions of these tricks or similar. Using the fileserver properties of rio to create a sandboxed dynamic shared environment is a good fit for the goals of the /9/grid so we'll be posting an example of a scripted 'shared workspace' setup script and commands soon - its a pretty clear upgrade from the current 'grid graffiti wall' to a real-time 'grid graffiti rio!'

Sunday 7 June 2009 - Planning for demo grid setup

We are trying to determine the best way to have a larger set of public services - more nodes, and a demonstration of ideas like the High Availability Grid, an attempt to make a redundant and failproof environment that still maximizes the utility of the attached resources and can be flexibly reconfigured on the fly. Most of the following are things that we have already protyped and tested, but haven't been available through our public portals. Things we'd like to implement (perhaps not all at once):

• A high availability configuration of resources using about 6-8 functional nodes divided between 2-3 physical machines.

• On-demand temporary single VMs

• "The proving grounds" - a combination of both of the above, but with the intention of stability and stress testing for various multimachine configurations.The only way to test 'failproofing' is to force failures and test the ability of the systems to recover.

We've been doing some testing of VMware server in addition to our normal Qemu/9vx/p9p based setups. We prefer free open source personally, but some people prefer to VMware to qemu so we may begin providing vmware .vmdk images as well as Qemu qcow2s. For anyone who wants to try using vmware now, it is possible to use qemu-img convert to make a vmdk from a .qcow2, but there were a few additional adjustments we needed to make for best results, notably recompiling the included pccpuf kernel.

Wednesday 3 June 2009 - Documentation added for new tools

Well, some documentation for some of the new tools at least, but its a start. Writing documentation is hard. The organization of knowledge is the tricky thing. The balance of conceptual explanation and task-oriented how-to is hard to get right. The docs in the docs directory still need to be supplemented with some specific task-oriented recipes for doing things like making a fully customized local grid, which requires a bit of coordination of action at the host os level and the VM interiors. As a warmup, I'll try to summarize the process here:

The base system image is designed to serve as the seed for a multisystem grid. It includes a variety of /cfg directories to use as base roles for new systems, and the confighelper script is designed to help do customization quickly. If you want to create a personalized local grid of machines from the base image, here is how to do it:

• Test the base image in its default configuration to verify functionality before customizing.

• login as bootes in cpu server mode and start up the confighelper

• choose to (r)eset machine key and passwords, and answer the prompts. Your chosen authdom is particularly essential - it can be your domain if you have one, or just an arbitrary name for 'your grid turf'.

• reboot the vm to cpu server mode and answer the prompts to create the new machine key. You only get once chance to set bootes' password here, be careful. Then run auth/changeuser bootes and enter the same password you just did, and then run auth/changeuser for your other users and set their new passwords. Run auth/changeuser -n for each user also to update the netkeys.

• at this point your new auth setup should be complete and you should be able to drawterm/cpu in, 9fs if the port 564 listener is running, use netkey auth, etc. Please test whatever functions are important to you.

• this is your new seed image. If you use it as a base for cloning your additional grid systems, they will all include copies of the auth information and keys and users.

• now you can manufacture as many customized systems as you want using the confighelper tools. to make a new customized system, first create a new blank qemu qcow2 for it. qemu-img create -f qcow2 newsysname.qcow2.img 1G creates a qcow2 blank disc that can expand up to 1gb of storage. A venti backed fossil is very small so you probably wont use much of that space.

• now boot qemu with the blank disk attached as -hdb. in windows for instance, you might do qemu -L . -hda g9.qcow2.img -hdb newcpu.qcow2.img -redir tcp:567::567 -redir tcp:17010::17010 -m 256, then drawterm in as bootes. Run the confighelper script and choose to (a)dd new system to grid. It will prompt you for a system name and other info and a config from /cfg to clone - it will then transform the disk on drive 2 into a customized clone of your seed system on drive 1.

• continue this process to make as many customized VMs as you want. A very common customization to apply would be changing the venti server IP so you could boot additional nodes on other machines using your existing venti server.

• these cloned VMs are bootable in exactly the same way as the parent images, and can make 'children' of their own.

• Making a new blank qcow and booting and running the configscript takes about 1 minute once you are familiar with the process, so you can make two VMs for every computer on your LAN more or less instantaneously. Note that you might want to 'preload' your /lib/ndb/local with the new machines using confighelper's nbd updater prior to starting the cloning process, so all children have all their peers in their ndb.

Monday 1 June 2009 - New Release Cycle begins!

Well, we've got a new version of the qemu-based grid tools up - it provides a lot of new functionality, flexibility, and hopefully ease-of-use. We haven't really started documenting everything that's going on with it, and we are going to be rolling out new services related to its design during the upcoming weeks. The image and tools itself should start getting more frequent updates and we are hoping to leverage Venti and other Plan 9 based tools to do so.

If you already have access to a linux machine, the new base version of the image provides what we hope is pretty neat out-of-the box functionality - you extract the .tgz, cd into your new gridtools directory, and run (as root) a simple iptables script to redirect some low ports to high ports for the qemu VM to access without root privileges. The gridlord script (run as normal user inside the extraced directory, no install required) then provides a simple menu-based interface to control a full distributed plan9 system all on your local machine. Fire up a VM and let it boot in cpu server mode, then drawterm in as bootes, glenda, or gridna with password: gridpass. The VM image itself is meta-pre-configured - check out the /cfg directory, which holds relatively self-descriptive configurations for multiple machine roles. /usr/bootes/bin/rc contains confighelper -- a wrapper for an set of configuration helper scripts designed to let you quickly and easily control some administrative variables. Please note that right now this is an ad-hoc set of recipes based on the base configuration we provide. We hope to develop it into a more general purpose Plan 9 configuration utility, but it is currently not recommended for use with anything other than the 9gridchan.org preconfigured qemu image.

There are several other customizations and extras included in the image - and source code to everything, of course. /usr/grid is a 'non-login' user whose directories contain some of the grid tools. /usr/grid/src and /usr/bootes/lib have most of the additonal materials, along with /usr/grid/bin/rc and /usr/grid/bin/386 - these directories are bound in during most user's profiles, except glenda. We left Glenda basically untouched from the Bell Labs setup in this image. Thanks to everyone who helped test and offered suggestions for this version of the tools, and we look forward to improving it further according to user suggestions. As of the time of this posting, the surrounding documentation and web resources are still mostly un-updated so things like the walkthrough screenshots gallery still apply to the old version of the image.

Wednesday 13 May 2009 - Self-assembling high availability grids

Currently under testing and development: the amazing "infinite rabbits from a single venti-hat" High Availability Grid. The past few weeks we've been exploring ideas triggered by the possibility of storing entire sets of machines in both virtual machine and fossil vacroot form in a set of arenas and isect data for a venti server. Before your eyes glaze over from the seeming over-complexity, lets cut to the chase, the goal for the end user.

The end product is a relatively small file distributed as a .tgz that contains a complete set of files for a venti server and a large collection of .vac files. The venti data includes the rootscores of many different machine fossils, and also entire preinstalled qemu virtual machine images that correspond to those rootscores. Using either a native or plan9port venti, the user can choose from a large number of differentlty configured machines to instantiate on either native hardware or as a virtual machine. The venti has data corresponding to machines ranging from an untouched default install to a large grid of dozens of machines. Due to the nature of venti, storing an arbitrarily large number of differently configured virtual machines and fossils has almost no overhead.

The system images included are configured to act as an integrated plan 9 network with a few tricks designed to provide a high availability 'cloud' environment out of the resources available. This is the system employed on the 9gridchan version of the grid which will be opened for public use soon. Our current setup uses one master and one backup venti, three fossil file servers, three cpu servers, and an arbitrary number of terminals. The creation of a single unified environment for the user along with failsafe reliability is accomplished via simple scripted filesystem imports and binds.

Any of the 3 fossils can boot backed by either of the two ventis, which use venti/rdarena and venti/wrarena to make scores available on both. Each CPU server boots with a TCP root from a different fossil. However, all the fossils are basically identical, and when the user logs into any cpu server, 9fs imports of the other fossils are imported, and the primary fossil's $home is bound over the boot $home by the cpu. A simple backgrounded script then mirrors the data from the active $user to the backup fossils.

The user interaction model is to dial each of the three cpu servers from a different window on their terminal. Each window will behave identically and binds $home from the same primary fossil, but is using a different CPU with a different tcp root and venti backup. Once the user has dialed in their three windows, they can work freely in any of them and see the same file data. If that fossil fails, the backup fossils, no more than 5 minutes out of date, can be bound to $home. A standard usage model is to run rio on one cpu, acme on another, and rc shell only on the third. The user experience should be identical to working with a single all-in-one machine with the difference of enhanced reliability and the increased performance of truly independent multiple CPUs.

A public release of a first version of these tools along with some updates to the g/scripts and preconfigured qemu images should be arriving soon. Feel free to stop in #plan9chan on irc.freenode.net if you want to explore this system in its development state. Standard public resources such as omni are unaffected by the current development environment but will become integrated at the time of an initial public distribution.

Apr 12 2009 - Just checking in

No big news on the grid past few weeks - had a service interruption for a few days, but it was resolved. Shockingly, the brief absence of 9gridchan services did not cause any significant rioting or result in the overthrow of any governments. We are greatly relieved.

Feb 19 2009 - Random update

Random blog update to make sure people know the project is healthy and ongoing. An actual public announcement of some kind on a known Plan 9 forum such as 9fans has been something we've been waiting a long time to do.

Feb 02 2009 - Explanatory captions for the walkthroughs.

Thanks to the ceaseless flow of innovation and progress in free and open source software, the walkthrough screenshots tutorial galleries now feature captions and better navigation! Additionally, we are working to provide new services and content on the dynamic 9p registry system. Nothing too thrilling, but as an example, the omniguest user is now exporting /bin. After connecting to that service, binding the imported directory over the local /bin in an rc window allows testing of any of the installed software on the public cpu server without actually logging in.

Jan 31 2009 - Setup screenshots gallery

Created a couple galleries with screenshots of starting up the image, connecting with drawterm, and running configscript. Hopefully having a visual reference will make it easier for people trying plan 9 for the first time to see if they are seeing what they are supposed to see. More screenshot galleries will be added to demonstrate making use of the g/script toolkit and 9gridchan.org resources.

Jan 30 2009 - post #2: more on 1.1

The preinstalled qemu node image has several purposes. Most importantly is to provide an easy-to-use form of Plan 9 for every platform. Qemu runs on everything and a preinstalled image means that once the download is complete, the user can be inside a fully functional Plan 9 enivornment instantly. Another goal is to provide easy access to the key component of Plan 9: a CPU server. Another is is to provide a user-driven, decentralized platform for grid computing research and development. The latest version of the image makes bootup easier with a single menu for boot choices. There are more variant versions of plan 9 software and some customizations like the default font, taken from quanstro's subpixel fonts. A small sampler collection of .vac scores for downloading additional docs and collections of Plan 9 pictures from venti.9gridchan.org is also included. Thanks as always to the Plan 9 contributors whose work is included such as fgb (contrib and abaco), andrey (irc7 and links port), and others.

Jan 30 2009 - Development blog post #1

A big day of upgrades - along with release 1.1 of the /9/grid qemu image and toolkit, we've upgraded www.9gridchan.org with Uriel's latest Werc + Soul9's image gallery application plugin. Thanks to them for their development efforts. The new 1.1 image features more stuff and a smaller download and installed size, along with default user accounts for instant drawterm/cpu access for testing. (CHANGE THOSE PASSWORDS before allowing access from external networks, everyone!)

Ongoing projects include adding scripts for managing venti servers and databases of .vac files to the g/toolkit and a grid game based on namespace manipulation. Future blog posts will also provide some tips and tricks for using grid resources and tools.

Unfortunately video didn't come out.

2010 and the dirty trick committee is at it again!

Federal officials accused four men, including a conservative activist, of posing as telephone repairmen to tamper with phones at the New Orleans offices of Democratic Sen. Mary Landrieu. [...] Late Monday morning, according to an FBI affidavit, Messrs. Flanagan and Basel, dressed in blue work shirts, fluorescent green vests and construction hard hats, entered Sen. Landrieu's offices and told a staffer they had come to fix the phone lines. By then, Mr. O'Keefe already had arrived at the offices, according to the FBI. -- http://online.wsj.com/article/SB20001424052748703906204575027500584356116.html

Microsoft is defending China's internet censorship program proving that they're still pretty good at being evil. Take that, Google! Also thanks for all the bugs!

That rabble rouser Obama wants to give us high speed rail! That is just pure awesome. I bet there are lots of people who want his head. Oh, and in other news "2009 goes into the history books as the worst year the [airline] industry has ever seen." Yay! In my opinion no other industry treats its customers as poorly as the airline industry. They've received numerous bailouts in the past and seem to have decided that they do not need to earn their dollars. Oh, and they'd rather sequester hundreds of people on the tarmac for hours on end to save a few bucks. Please rot in hell.

I'm starting to get that "double-dip" feeling. Here's some new housing data.

Industry anti-piracy groups are still using heavy handed methods and harassing innocent people. Now laywers who were beaten up for their lunch money in school can get back at society as hired thugs for the music industry.

And going a little deeper on the headlines, check out Nate's wrapup on the PS3 hack.

One of the great religious debates in compiler writing is whether you should use parser generators like yacc and its many descendants or write parsers by hand, usually using recursive descent. On the one hand, using parser generators means you have a precise definition of the language that you are parsing, and a program does most of the grunt work for you. On the other hand, the proponents of hand-written recursive descent parsers argue that parser generators are overkill, that parsers are easy enough to write by hand, and that the result is easier to understand, more efficient, and can give better error messages when presented with syntactically invalid programs.

Like in most religious debates, the choice of side seems to be determined by familiarity more than anything else. I knew how to use yacc before I knew how to write a parser by hand, which put me solidly on the parser generator side of the fence. Now that I do know how to apply both techniques, I'd still rather use a parser generator. In fact, I've worked on projects where I've written parser generators rather than write a parser by hand. Good notation counts for a lot, as we shall see.

In Coders at Work, Ken Thompson talks to Peter Seibel about yacc and lex:

Seibel: And are there development tools that just make you happy to program?

Thompson: I love yacc. I just love yacc. It just does exactly what you want done. Its complement, lex, is horrible. It does nothing you want done.

Seibel: Do you use it anyway or do you write your lexers by hand?

Thompson: I write my lexers by hand. Much easier.

Many of the objections raised by the hand-written parser camp are similar to Thompson's objection to lex—the tool doesn't do what you want—but there's no fundamental reason a tool can't. For example, the spurious conflicts that an LALR(1) algorithm produces are definitely hard to understand, but if you replace it with LR(1) or GLR(1), you get a more useful tool. And if you do learn how to work within the LALR(1) algorithm, even yacc is very powerful.

The objection to parser generates that seems to resonate most is that generators like yacc produce inadequate error messages, little more than “syntax error.” Better error messages were one of the key benefits hoped for when g++ converted from a yacc-based C++ parser to a hand-written one (and to be fair, C++ syntax is nearly impossible to parse with any tool; the many special cases cry out for hand-written code). Here the objection seems harder to work around: the parser internally gets compiled into an automaton—usually a big table of numbers—that moves from state to state as it processes input tokens. If at some point it can't find a next state to go to, it reports an error. How could you possibly turn that into a good message?

Clinton Jeffery showed how in a paper published in ACM TOPLAS in 2003 titled “Generating LR Syntax Error Messages from Examples.” As you can guess from the title, the idea is to introduce a training stage after the parser is generated but before it is used for real. In that stage, you feed examples of syntax errors into the parser and look at what state it ends up in when it detects the error, and maybe also what the next input token is. If the automaton hits an error in that state (and with that input token) during real use, you can issue the message appropriate to the example. The important part is that the parser states are basically an abstract summary of the surrounding context, so it's reasonable to treat errors in a particular state with a single message. For example, suppose you find that this Go program

package main

import (
 "fmt",
 "math"
)

causes a syntax error at the comma, in state 76. In the parser, that state means that you're in the middle of an import block and expecting to see a string constant. The state abstracts that context, so you'd end up in the same state if you were parsing this erroneous program:

package fmt

import ( "strings"; "testing", "xgb" )

Having told the parser that the appropriate error message for the first program is “unexpected , during import block,” the parser will use the same message for the second program.

It's an elegant idea, and the implementation can be kept on the side, without adding any complexity to the grammar itself. I heard about this idea through the grapevine years ago (in 2000, I think) but had never gotten a chance to try it until this week.

There are three Go parsers: Ian Lance Taylor wrote a hand-written recursive descent parser in C++ for gccgo, Robert Griesemer wrote a hand-written recursive descent parser in Go (import "go/parser") for godoc and gofmt, and Ken Thompson wrote a yacc-based parser in C for the gc compiler suite.

On Monday night, I implemented Jeffery's idea in the gc compiler suite. The gc compilers use bison, the GNU implementation of yacc. Bison doesn't support this kind of error management natively, but it is not hard to adapt. Changing bison would require distributing a new version of bison; instead, my implementation post-processes bison's output.

The examples are in a new file go.errors. Because the lexer is written by hand, it's not available in the simulation, so the examples are token name sequences rather than actual program fragments. In token lists, the program above and its corresponding error message are:

% loadsys package LIMPORT '(' LLITERAL import_package import_there ','
"unexpected , during import block",

Understanding the tokens on the first line requires knowing what the various grammar token names mean, but they basically mimic the syntax, and this tool is targeted at the people working on the grammar anyway. An awk program loads bison's tables from its debugging dump y.output and then processes the go.errors file, replacing each line like the above with the number of the offending state and input token. That produces a table that can be linked into the compiler and consulted when a syntax error is encountered. If the state and input token match an entry in the table, the better error is used instead of a plain syntax error.

That was an outsized amount of work to close one bug, but now it's easy to add better messages for other common situations. For example, the fact that only the short := declaration form is allowed in for initializers sometimes trips up new Go programmers. When presented with this program:

package main

import "fmt"

func main() {
 fmt.Printf("hello, world\n")
 for var i = 0; i < 10; i++ {
  fmt.Println(i)
 }
}

the compiler used to just say there was a syntax error on line 7, but now it explains:

$ 6g x.go
x.go:7: syntax error: var declaration not allowed in for initializer

because of this stanza in go.errors:

% loadsys package imports LFUNC LNAME '(' ')' '{' LFOR LVAR LNAME '=' LNAME
"var declaration not allowed in for initializer",

Gccgo and gofmt give more traditional token-based errors:

$ gccgo x.go
x.go:7:6: error: expected operand
...

$ gofmt x.go
x.go:7:6: expected operand, found 'var'

What's interesting isn't that neither has bothered to handle this as a special case yet. What's interesting is to consider the work required to do so. Changing either would require understanding the corresponding hand-written parser well enough to find the right place to put the special case. With the example-based approach, you just write an example, and the tool figures out where in the parser it needs to go.

China is denying it had anything to do with the Google hack and pointing the finger back at the US saying that certain unnamed intelligence agencies have hacked a number of email accounts. I believe half of that statement.

The lady who was fined $2M for illegal file sharing of music has had her fine reduced to $52k. The judge simply thought the original fine was too "monstrous and shocking" and reduced it to the largest value he thought was no longer so. $52k sounds more appropriate for sharing 24 songs with no profit motive.

There's been progress on hacking the PS3 to open up the platform (and support piracy). The headline says "hacked" but it sounds like there's still a bit of work to be done.

Its looking more likely that the guy in charge of making sure our economy doesn't tank during the biggest recession of our lifetime is going to get to keep his job. It must be nice working in the financial industry where you can be popular and even make tons of money even if you destroy the wealth of your clients or constituents. Some people are happy at the job he did to get us out of the recession, and I think he deserves credit for that, but now that we're out of recession, he should still be shown the door for letting us get into the mess in the first place.

I dig protocols and as a result I write marshalling code often. When I do, I often take the opportunity to rethink some ideas and try out something new. I'm going to use this post to talk about some marshalling ideas and code that I'm playing with now. The goal here is to write marshallers that are short and concise and easy to use. Performance is not considered.

Marshalling
Marshalling is the process of converting some structured data into a serial format. One way to think about this in python is a function that maps some structured datum into an iterable that yields characters. The simplest marshallers can be written directly using generators:

def encChar(ch):
    yield ch
def encNum1(x) :
    yield chr(x & 0xff)

More complex marshallers can be written by chaining together simpler encoders. The itertools module provides a chain function which does this. Here we marshall 16-bit and 32-bit numbers in big-endian format:

from itertools import chain
def encNum2(x) :
    return chain(encNum1(x >> 8), encNum1(x))
def encNum4(x) :
    return chain(encNum2(x >> 16), encNum2(x))

Marshalling a fixed list of values can also be accomplished by chaining together several encoders:

def encFixedList_(es, xs) :
    return chain(*(e(x) for e,x in zip(es, xs)))

This function chains together the encoding of each item in xs using the matching encoder in es. In practice you'd want a special zip that results in error if the number of es and xs was not the same, but lets ignore that for now. This function will work just fine, but it has a problem in practice -- usually you'll want to use this function partially applied, providing the es but leaving the xs to be filled in later. Here's where currying comes in handy. We'll make a function that takes just the es and returns a function that takes the xs later:

def encFixedList(*es) :
    return lambda xs : chain(*(e(x) for e,x in zip(es, xs)))

This is much easier to use:

encMyList = encFixedList(encNum4, encChar, encNum2)

You might notice that the encoding of fixed lists is basically an encoding of records. If we presuppose that all of our records have a toList method that returns all of the record's fields as a list, we can write a marshaller for these records:

def encRecord(*es) :
    enc = encFixedList(*es)
    return lambda rec : enc(rec.toList())
class MyRec(object) :
    def __init__(self, a, b, c) :
        self.a, self.b, self.c = a,b,c
    def toList(self) :
        return (self.a, self.b, self.c)
    def __str__(self) :
        return '[MyRec a=%s b=%s c=%s]' % self.toList()
encMyRec = encRecord(encChar, encNum1, encNum1)

To use these marshallers we pass the value we want to encode and then convert the resulting iterable to a string:

def encode(enc, x) :
    return ''.join(enc(x))
x1 = encode(encNum4, 0x01020304)
print '%r' % x1
x2 = encode(encMyList, [31415927, 'x', 257])
print '%r' % x2
x3 = encode(encMyRec, MyRec('A', 5, 10)) 
print '%r' % x3 

Unmarshalling
Unmarshalling is the process of turning a stream of bytes back into structured data. Instead of working with an iterable and converting it to structured data we'll be working with an iterator. The difference is subtle; we'll want to consume bytes and keep track of where we are in the stream. An iterator does just that. Each of our unmarshallers will take in an iterator of characters, consume some of the bytes and return a decoded value. As before our simplest unmarshallers are for characters and single-byte numbers:

def decChar(it) :
    return it.next()
def decNum1(it) :
    return ord(decChar(it))

Unmarshalling larger numbers is just a matter of unmarshalling several smaller numbers and composing them. Here are the unmarshallers for 16- and 32-bit big endian numbers. These definitions make use of the left-to-right order of evaluation:

def decNum2(it) :
    return (decNum1(it) << 8) | decNum1(it)
def decNum4(it) :
    return (decNum2(it) << 16) | decNum2(it)

And unmarshall fixed lists is just a matter of decoding each constituent in turn. Here again we use currying:

def decFixedList(*ds) :
    return lambda it : [d(it) for d in ds]
decMyList = decFixedList(decNum4, decChar, decNum2)

To unmarshall a record we need a way to unmarshall the constituent fields and then create the record. The decFixedList function can be used to unmarshall the records if we have a way to construct the record from a list. We'll presuppose that our records have a constructor that take the field values in turn, then unmarshalling is simply:

def decRecord(klass, *ds) :
    dec = decFixedList(*ds)
    return lambda it : klass(*dec(it))
decMyRec = decRecord(MyRec, decChar, decNum1, decNum1)

To use these unmarshallers to decode a binary string we must first get an iterator and then pass it to the decoder:

def decode(dec, binary) :
    return dec(iter(binary))
print decode(decNum4, x1)
print decode(decMyList, x2)
print decode(decMyRec, x3)

Records
One refinement I often make is to simplify the construction of records since I often have many records in the protocol:

class Record(object) :
    def __init__(self, *args) :
        for f,v in zip(self.__fields__, args) :
            setattr(self, f, v)
    def toList(self) :
        return [getattr(self, f) for f in self.__fields__]
    def __str__(self) :
        fs = ', '.join('%s=%r' % (f, getattr(self, f)) for f in self.__fields__)
        return '[%s %s]' % (self.__name__, fs)

Now defining a new record is done simply by filling in the __name__ and __fields__ values:

class MyRec2(Record) :
    __name__ = 'MyRec2'
    __fields__ = 'code', 'cost', 'quantity'
encMyRec2 = encRecord(encChar, encNum2, encNum1)
decMyRec2 = decRecord(MyRec2, decChar, decNum2, decNum1)
x4 = encode(encMyRec2, MyRec2('X', 2495, 3))
print '%r' % x4
print decode(decMyRec2, x4)

Discussion
In the past I had used a special buffer class to marshall data into and out of instead of using iterables and iterators. This approach seems to make better use of the mechanisms already existing in Python. This code makes writing marshallers and unmarshallers for records very simple. One downside is that it hurts debugging a little bit. The stack traces you get when something goes wrong are more complicated than they would be if record marshallers were manually written out by the programmer. Another downside is that marshallers and unmarshallers are written separately even though for correct operation they must be kept in synch and basically encode the same information. A more complicated library could define pairs of marshallers and unmarshallers together and in fact I've tried this approach in the past.
All in all, I am happy with this approach and find it concise and very convenient for prototyping. Look what we've accomplished in just a few lines of code!

from itertools import chain

class Record(object) :
    def __init__(self, *args) :
        for f,v in zip(self.__fields__, args) :
            setattr(self, f, v)
    def toList(self) :
        return [getattr(self, f) for f in self.__fields__]
    def __str__(self) :
        fs = ', '.join('%s=%r' % (f, getattr(self, f)) for f in self.__fields__)
        return '[%s %s]' % (self.__name__, fs)

def encode(enc, x) :
    return ''.join(enc(x))
def encChar(ch):
    yield ch
def encNum1(x) :
    yield chr(x & 0xff)
def encNum2(x) :
    return chain(encNum1(x >> 8), encNum1(x))
def encNum4(x) :
    return chain(encNum2(x >> 16), encNum2(x))
def encFixedList(*es) :
    return lambda xs : chain(*(e(x) for e,x in zip(es, xs)))
def encRecord(*es) :
    enc = encFixedList(*es)
    return lambda rec : enc(rec.toList())

def decode(dec, binary) :
    return dec(iter(binary))
def decChar(it) :
    return it.next()
def decNum1(it) :
    return ord(decChar(it))
def decNum2(it) :
    return (decNum1(it) << 8) | decNum1(it)
def decNum4(it) :
    return (decNum2(it) << 16) | decNum2(it)
def decFixedList(*ds) :
    return lambda it : [d(it) for d in ds]
def decRecord(klass, *ds) :
    dec = decFixedList(*ds)
    return lambda it : klass(*dec(it))

Dear Microsoft,
  I want to use the software I paid for. More accurately, my niece does. We bought her a laptop a few Christmases ago. Now her computer is unusable, which is partly her fault (in the same sense that having graffiti on your car is your fault if you parked in a bad neighborhood). Now I'm helping her reinstall her system to give her a fresh start. Here's the rub: the laptop manufacturer didn't give her an install or recovery DVD with a copy of Windows Vista that we paid for when we bought the computer. (There's even a nice proof-of-authenticity sticker on the bottom of the machine with a license key!) The manufacturer has informed me that they will send me the recovery DVD at no cost, unless you count $24.95 shipping and handling. So this is the situation I'm in: I have to pay $25 and wait a week or two to reinstall a copy of Windows Vista that we already have a legitimate license to use. I'm failing to see what the Windows Genuine Advantage is here. It would cost me less and be less effort to find a pirated copy of the software on the internet and install that instead. Do you see the perverse incentive structure that exists?
With Love, Tim.

Erik released a new alpha driver for Marvell Yukon 2 Ethernet NICs.

From: erik quanstrom <quanstro@qua...>
Subject: yukon 2 alpha driver
Date: Sat, 16 Jan 2010 18:15:50 -0500

is anyone interested in testing a marvell yukon 2
driver?  i am currently working with a 88e5057
(1186/4b00, dge-560t).  but most single-port yukon 2
parts should work fine.  if so. please contact me
off list.

- erik

You can install it from contrib with

term% contrib/install quanstro/yuk

This will install two files, etheryuk.c and yukdump.h, into your /sys/src/9/pc directory.

Edit /sys/src/9/pc/pcf and add the following line to the list of Ethernet devices:

    etheryuk        pci

After that compile your new kernel by running

mk 'CONF=pcf'

Then copy the new kernel into /n/9fat and boot with it.

On my ASUS A8R32-MVP with 88E8053 chip the following new device will now show up:

#l0: yuk: 1000Mbps port 0xDFEFC000 irq 4: 00173137b3d3

I tested it during the last several days and it works great, good work!

Please send your feedback and bug reports to Erik.

Erik released a new alpha driver for Marvell Yukon 2 Ethernet NICs. (See his post at 9fans)

You can install it from contrib with term% contrib/install quanstro/yuk

This will install two files, etheryuk.c and yukdump.h, into your /sys/src/9/pc directory.

Edit /sys/src/9/pc/pcf and add the following line to the list of Ethernet devices: etheryuk pci

After that compile your new kernel by running mk 'CONF=pcf'

Then copy the new kernel into /n/9fat and boot with it.

On my ASUS A8R32-MVP with 88E8053 chip the following new device will now show up: #l0: yuk: 1000Mbps port 0xDFEFC000 irq 4: 00173137b3d3

Please send your feedback and bug reports to Erik.

It turns out that Microsoft knew about the IE vulnerability used in the GOOG hack since last September. They were planning on rolling out a fix in February. If the fix had been rolled out earlier, this particular attack might never have happened (but keep in mind, there are many unfixed vulnerabilities in all software!). So why such a long lead time between report and fix? Its due to a lot of factors, but I'm going to harp on one: responsible disclosure.

The computer security field has been fiercely debating how disclosure should be handled for quite a long time. In the "good old days" there was a cabal of security professionals who shared new found vulnerabilities only with each other and vendors. This was nice if you were in the cabal (think of how easily you can impress your clients if you're a security auditor with access to a large number of unfixed vulnerabilities). Unfortunately it meant many bugs were not fixed for long periods of times. It also made it very hard for newcomers to learn about security and enter the field. In a backlash a large number of security researchers turned to full disclosure policies: when they found a bug they told everyone about it, often including details of how to perform an exploit. This means vendors, good guys and bad guys all got access to this information. This was great if you were a bad guy, or if you were a good guy without access to the cabal. It also put a lot of pressure on vendors to fix vulnerabilities ASAP. Vendors did not much care for this. They pushed for another model called responsible disclosure in which vendors were given advanced notice and only after a reasonable amount of time or when a fix was available would the full details be given to the public. So these are three prominent points on a continuum of disclosure policies, and where you stand on this line is often a matter of religion. So much so that the proponents come up with loaded terms such as "responsible disclosure" to imply that those who don't hold the same view are some how irresponsible.

So back to my point -- the vulnerability used in the google hack was reported to MSFT back in September. They realized this was a very important bug, but decided to release a fix in February, five months later! Clearly "responsible" disclosure gave MSFT a lot of flexibility in postponing the release of this fix. Once the details of the hack were released, MSFT scrambled to issue a release in a much shorter timeline. Did responsible disclosure work well in this instance?  I would argue "no". Would full disclosure have worked better? Possibly, but keep in mind that while a fix would have been available much quicker, many more attackers would have had access to this information during that shorter amount of time.

By the way, how did the attackers get access to this exploit? Have attackers penetrated MSFT? Do they have insiders working at MSFT who have access to the vulnerability database?  If either of these are true, then I would argue that responsible disclosure gives the advantage to these attackers. I also wonder if a country as powerful as China has insiders working at many of our top software companies. The tech industry employs many Chinese nationals.  I don't mean to imply that they are all agents of their government, but it would not surprise me if there were a few agents in the mix. I'm not sure there's a great way to defend against a threat like this. Software is so full of security holes, and a company usually has a large database full of software bugs found internally or reported by external customers. Often times the full impact of a bug is not known and important security bugs are left unpatched for years.

Wow, what a news day today.

• Obama pushes new bank regulation to limit risk taking by banks preventing commercial banks from engaging in proprietary trading
  
• Pakistan says it won't cooperate with us.
  
• A commercial flight is diverted when passengers freak out at the sight of jewish prayer!
  
• Hillary Clinton asks China to investigate the google hacking incident, upping the pressure on China.
• The music industry is trying to blame piracy for the death of culture. Go figure.
• The supreme court overturns campaign spending limits. Apparently banning companies from making large donation is some sort of illegal government censorship. Its amazing what sort of constitutional rights you have when you're a corporation. You thought we were a corporatocracy before; you ain't seen nothin' yet. On the other hand, think of how much more advertising revenue media will get!
• The campaign to bring the bible to heathens at the point of a gun has been brought to an end.
• The wife and daughter of John McCain have come out in favor of gay marriage. 

In lighter news, this is pretty cool! Turning your clothes into batteries (and not the matrix way).

Всем, кто хотел познать красоту acme, но не мог это сделать, посвящена целая серия видеоуроков, опубликованных в блоге http://thenewsh.blogspot.com. Ссылка.

The scariest asteroid you've never heard about:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" height="264" width="400"><param name="flashvars" value="webhost=fora.tv&amp;clipid=8779&amp;cliptype=highlight"><param name="allowScriptAccess" value="always"><param name="allowFullScreen" value="true"><param name="movie" value="http://fora.tv/embedded_player"><embed allowfullscreen="true" allowscriptaccess="always" flashvars="webhost=fora.tv&amp;clipid=8779&amp;cliptype=highlight" height="264" pluginspage="http://www.macromedia.com/go/getflashplayer" src="http://fora.tv/embedded_player" type="application/x-shockwave-flash" width="400"></embed></object>

Have a nice day!

Here's a three part introduction to the Acme environment in Plan9. Acme's an editor, a file browser, a paned text user interface a shell environment, and more. It's small, simple, elegant and extensible. A lot of people are put off by it when they first try it since it is so foreign and its not obvious how to use all of its features. This short video series shows some of the features of Acme and how it fits into the Plan9 environment.

<object height="265" width="320"><param name="movie" value="http://www.youtube.com/v/dopu3ZtdCsg&amp;hl=en_US&amp;fs=1&amp;"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed allowfullscreen="true" allowscriptaccess="always" height="265" src="http://www.youtube.com/v/dopu3ZtdCsg&amp;hl=en_US&amp;fs=1&amp;" type="application/x-shockwave-flash" width="320"></embed></object>

<object height="265" width="320"><param name="movie" value="http://www.youtube.com/v/2vjD_B__SbQ&amp;hl=en_US&amp;fs=1&amp;"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed allowfullscreen="true" allowscriptaccess="always" height="265" src="http://www.youtube.com/v/2vjD_B__SbQ&amp;hl=en_US&amp;fs=1&amp;" type="application/x-shockwave-flash" width="320"></embed></object>

<object height="265" width="320"><param name="movie" value="http://www.youtube.com/v/cR96WQ6OR00&amp;hl=en_US&amp;fs=1&amp;"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed allowfullscreen="true" allowscriptaccess="always" height="265" src="http://www.youtube.com/v/cR96WQ6OR00&amp;hl=en_US&amp;fs=1&amp;" type="application/x-shockwave-flash" width="320"></embed></object>

This is huge. Google is going to stop censoring in china, which may lead to it closing up shop there. http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

I'm working on a new protocol. To ease development I am splitting up the work into two parts. First I'll worry about the protocol semantics and content and then I'll figure out the encoding. (Leave aside for a moment that you should never totally ignore the encoding when developing a protocol; I have some experience, so its in the back of my mind as I go along). I still want to write code to test this thing out. Luckily I can do this pretty easily in python without nailing down a concrete encoding by using dictionaries and the pickling library:

def send(s, **kw) :
      s.send(pickle.dumps(kw))
  def recv(s) : 
      return pickle.loads(s.recv(64*1024))

I'm using UDP so I get natural message delimiters. If this was TCP I'd have to wrap the pickled data with a delimiter somehow (ie. prepend a length field). Now sending and receiving messages is straightforward:

send(s, foo=1, bar="test", priority="utmost!", flags=SYN|ACK)
  m = recv(s)
  print m['priority']

And to make field access a little easier I define a message object so I can use field access instead of dictionary indexing. It also gives me pretty printing:

class Msg(object) :
    def __init__(self, *kw) :
        self.__names__ = kw.keys() 
        for n,v in kw.items() :
            setattr(self, n, v)
    def __str__(self) :
        attrs = ' '.join("%s=%s" % (n,getattr(self,n)) for n in self.__names__)
        return '[Msg %s]' % attrs
    __repr__ = __str__

def recvMsg(s) :
    return Msg(**recv(s))

m = recvMsg(s)
print m.priority

print m

So now I can write my protocol in terms of message fields, leave the details of field encoding to later and still have an executable prototype to play with.

btw, anyone know good code formatting options that are compatible with blogger.com (besides http://code.google.com/p/syntaxhighlighter/ which looks pretty god awful ugly)?