Apple is selling two different models of their Dual G5 XServe: One 'Normal' model, and another 'ClusterNode' Model. They are pretty much the same, but the ClusterNode doesn't have things you usually don't need in a rack-mounted 1U server anyway: CD-ROM and VGA-Card. However, it is also limited to a single hard drive.

I guess Apple's reason is that in a scientific cluster computing environment, the node's local storage is insignificant - whereas on a real server you most likely want multiple (mirrored) drives.

However, the significant price difference (Dual G5 ClusterNode has the same price as the Single G5 XServe) made me ponder buying a ClusterNode and adding another drive.

Fortunately, the hardware is quite similar. It turns out that the Mainboard has three SATA connectors, and the space for the 2nd and 3rd IDE drive was left empty. Also, the Backplane for Apples hotplug drives is not fully assembled - it is missing the connectors for the 2nd and 3rd drive :(

So Putting the drive in place and attaching it via a fixed cable to the SATA connector is no problem at all. However, Power is a slight problem. The whole machine has not a single standard power connector, so my only remaining option was to solder some wires onto the drive backplane PCB. This is ugly, but well.. who cares ;)

I'll put some photos of the modification online soon.

This is good news, DaveM accepted all the 13 netfilter related patches that I had pending for 2.6.9. The patches included a number of optimizations, the ctstat, connection-based accounting, TCP window tracking, and some conversions to new in-kernel-API (seq_file, module_param).

Now let's hope that 2.6.8 will be released soon and we can start the 2.6.9 cycle...

After holding a BOF on GPL-Violations, and the traditional netfilter/iptables BOF, OLS ended with Andrew Morton's Keynote.

Obviously, there also was the traditional OLS Social Event at the Black Thorn Pub, which I left quite early in order to get some more work done on the ulogd2 flow accounting work.

The court handling the Sitecom appeals case has now released it's final opinion. For those of you who happen to understand legal German, the 20 page document is available as PDF. An English translation will be available soon.

At http://gnumonks.org/static/photos/ks2004/ are the group photos of this year's Kernel Summit. You obviously won't find me on those pictures, since I was behind the camera ;)

After some more in-depth study of the IPFIX IETF drafts, I finally started coding. Having written the first dozens of lines, I discovered that on an abstract layer IPFIX doesn't do something too different from my good old ulogd. Ignoring the minor difference that ulogd deals with individual packets and IPFIX with flows, the ulogd_iret_t structure is very similar to what IPFIX templates are trying to describe.

So I now forked a ulogd2 branch off the current ulogd subversion tree and started to reorganize the tree.

For more flexibility, I am going for a stackable plugin infrastructure, where the sysadmin can configure stacks like: ULOG->ulogd_BASE->flow aggregation->IPFIX-over-TCP-export or ctnetlink->IPFIX-over-SMTP-export.

I just started the boring job of merging 2.6.8-rc2 with patch-o-matic-ng... I'm happy that Jozsef, Martin and Patrick did this for the last couple of kernel releases. However, I need to get more into this job again in order to determine which patches still have to be submitted to the mainline kernel...

Expect some pom-ng breakage over the next couple of days...

OLS started today (well, it started with the official beer-drinking BOF yesterday night). Like at the kernel summit, there are massive problems with the wireless network, forcing me to operate in offline mode most of the time.

The presenters are apparently all running in slow motion, so I can allocate a small time-slice to listen to them and spend most of the time working on some code (conntrack-accounting/ipfix, qsearch, browsing through Rusty's patches). OLS thus starts more productive than I would have thought ;)

Had lunch with Daniel Phillips, who is now working on clustering infrastructure at RedHat. We detected a general shift from the 'everything is a filesystem' to 'everything is a socket' mentality.

I've written a patch to add 64bit packet and byte counters for both directions of every ip_conntrack. This should enable a clean and efficient implementation of flow based accounting, when combined with ctnetlink events and a userspace daemon picking up those events.

I need to study the IPFIX (IETF Working Group) specifications in more detail before writing the respective daemon...

The patch is apparently working, you can read the counters via /proc/net/ip_conntrack and also use a modified/extended/updated version of the 'connbytes' match.

So this was day one of the famous kernel summit. Apart from meeting lots of friends, this basically meant lots of in-depth technical discussions on various subjects.

Most noticeable were long discussions about the deficiencies of the power management API, problems with 3-level-page tables on AMD64, and last but not least: The first-hand technical information from AMD, Intel and IBM on their upcoming CPU generations.

My personal favourite (AMD) will be shipping dual core (not hyper-threading, but two real cores) CPU's by mid 2005. They share the same Hyper-transport and Memory interface, and therefore have to divide I/O Bandwidth between them.

Also had some interesting discussions with Jamal about netfilter performance and the future l3 generalized connection tracking (called nf_conntrack). Maybe I can talk him into attending the netfilter workshop for further discussion of his ideas.

There are various places in the kernel where we need to do some kind of pattern matching on the packet contents. Applications range from connection tracking helpers (looking for FTP PORT command, ...) over the 'string' match to intrusion detection systems.

Two years ago, Phillipe Biondi once came up with something called libqsearch. It implements a generic pattern matching API, supporting plugin based algorithm implementations.

I now took the liberty of porting this into a 2.6.x kernel, resulting in lots of changes that make my qsearch port now incompatible with what Philipe wrote. Anyway, I'm now in the process of combining this with Rusty's recent work on skb_walk() and skb_iter(), so we can pattern-match against a fragmented/nonlinear skb without any copy.

Getting to Portland (via Frankfurt) turned out to be no problem. But getting though Portland and to the reserved hotel was a bit problematic. Apparently there was a jam of MAX light rail trains, and we had to wait for quite some time before the journey could continue.

Then I decided to get off at Beaverton station. My assumptions was that at such a terminal, there would certainly be some cabs nearby. However, there weren't. Maybe I forgot that this is the U.S. and public transportation is not like what I'm used to.,

Anyway, I switched to the bus.

However, i went the wrong way. My destination was close to 158th Avenue, but the bus went to 185th Avenue. As it was getting late already, I decided not to go back by bus to Beaverton, but rather walk from 185th to 158th Avenue. Despite the hot sun (27 centigrade in the shade), my backpack and the suitcase, this was only a 40 minutes walk. This reminded me to hiking in southern France with the boyscouts ;)

Well, the hotel did not yet cancel my reservation, and after a cool shower and checking my email I went to sleep. Due to the jetlag I was awake at 3:30am. Not too bad, considering a 9 hour time shift.

Let's hope the trip from the hotel to the conference venue will be less complicated ;)

I still cannot believe it. After waiting only four months, the Dual G5 XServe has just arrived today. Unfortunately I'm leaving for a two week trip (Linux Networking Summit, Linux Kernel Summit, Ottawa Linux Symposium) tomorrow, so I don't really have any time to play with it.

Just had a quick look under the hood, and it seems like putting some additional drive in place isn't difficult at all. The Mainboard has three SATA connectors (two empty), and if you remove the front panel you can access the two empty 3.5" drive bays. The PCB for Apples hot swap bays is also present, but unfortunately missing the SATA and Drive connectors.

The only remaining issue is getting power to the SATA drive, but that should be pretty easy to find out...

So you might ask yourself why I didn't buy the non-ClusterNode in the first place? Because it's way more expensive and apart from those tiny details exactly the same hardware.

Another interesting part will be bootstrapping Debian/ppc onto that box - without any VGA board and only a serial console. Apparently there is no distribution that really supports installation via Serial console (even on x86)... despite being extremely easy to implement... *sigh*

Tomorrow I'll be hacking GSPC to support multiple data acquisition boards in one system. The main focus will be testing, since GSPC already contains the untested code for this. However, the vendor-supplied driver is hardly able to deal with this situation *lol*.

I doubt there are many readers who know about ESTIC. It is a multi-platform (Dos, Windows, Linux, *BSD, OS/2) configuration software for some ISDN PBX systems (ISTEC 1003/1008) that used to be common in the early to mid 90's in Germany.

The original vendor of the PBX went out of business long time ago, and the author of the ESTIC tool even removed his ESTIC homepage in 1997.

Anyway, I still have some of the old ISTEC boxes in use, even at friends places. It turned out that we needed to reconfigure one of these old boxes, so I took the source code (yes, it's open source) and made it compile with recent gcc. Jeez, I never liked C++...

So if anybody is interested in the patch to compile estic 1.60 with gcc-3.3.4 on Linux: it's located at ftp://ftp.gnumonks.org/pub/patches/es160src-linux-gcc3.3.4.patch.

I just put my new all-in-one fileserver [called 'sunbeam'] into production. It's a Athlon64 based system, with five 200GB SATA drives. Since there's now a working (but still unofficial) Debian AMD64 Port, I can even run a 64bit distribution on it. As far as production machines go, I have the policy to only run debian on them.

This machine replaces the old box [now called 'shiva'], (Athlon 1000 with eight hard drives 80-120GB] which now serves as main storage server for my network-wide backup system.

As new backup solution, I chose to use Bacula. The architecture just looks like the 'right thing'. The catalog is maintained in the SQL RDBMS of your choice, every to-be-baked-up machine runs a client (bacula-fd). A director running on one server then directs the clients to write their data to one or more storage servers of their choice. This now also means that I can have one centralized directore for three different physical locations (yes, my machines are spread over three distinct locations with low bandwidth interconnection). Every location just has it's own storage server :). Oh yes, of course, this is on-site backup to hard drives only. Won't help if my house went fire.

On Sunday morning the weather was fine (sun shining but not too hot), so I finally went to the Karlsruhe Hauptfriedhof (main cemetery) for some photo shooting. For those of you who don't know it yet: Photography [especially of historical cemeteries] is one of my hobbies.

To my big surprise, there were a number of beautiful graves, angels, statues, ... Normally 99% of all cemeteries in Germany look the same, since most of the graves are from 1950 to present - and apparently nobody has the money (and the taste) for something different than a standard grave stone.

Also, this was one of the first occasions to get some more experience with my new digital SLR camera, the EOS-300D. I really hope that the convenience of digital photography won't prevent me from still doing real chemical b/w photography... Especially with my lack of time, I fear this possibility.

Now you may be asking yourself: Where are the pictures? Well, I really want to show you all of them, but first I need to get the database-enabled photo repository finished. Stay tuned.

The annual LinuxTag... Germany's biggest Linux / Free Software event. Well, apparently I start to get bored by conferences, especially mostly end-user or sysadmin oriented ones. The only interesting part is meeting with old friends, talking to fellow developers, ...

Unfortunately no Brazilian Linux hackers present, so I ended up talking Portuguese to a German guy who lives in France ;) Discovered that my pt_BR is really really rusty these days. I should find myself some conversation classes at home in Berlin.

If it wasn't for Astaro (whose main office is in Karlsruhe), I guess I wouldn't have been at LinuxTag anymore.

I just received an email claiming that there is a proprietary shareware program called "DVDxDV" sold for USD 80. The author of the email claims that DVDxDV includes code from the GPL licensed liba52 project (formerly known as ac3dec).

While I didn't do any tests on this alleged infringement (yet), there seems to be more information about this issue on http://gpl-cowboy.blogspot.com/

Maybe I'll find some time to investigate soon...

As I became aware today, there is a new initiative for something like a Freedom of Information Act in Germany at pro-information.de.

Surprisingly, this apparently has not been communicated a lot, considering the small number of about 2000 signatures so far.

If you feel like Germany should enact a FOIA in order to give citizens, journalists and historians access to all kinds of files of the administration, please support support the pro-information campaign by signing it.

The German IT News Portal "golem.de" has just published an Interview with me, entitled "The freedom of the GPL has limitations".

I wish I had sometimes used less complex sentence structures - but hey, I'm not very used to give interviews anyway.

Sorry for you English speaking people out there. I would love to give that interview in English, but no English news portal asked for one ;)

I have just released iptables-1.2.11 and patch-o-matic-ng-20040621 on the netfilter homepage.

Seems like we'll never have an iptables release that doesn't introduce some severe bug that requires releasing another version immediately later. To some part, I blame the users. Seems like not enough of them try the CVS snapshots and report bugs back to us.

At the WOS 3 conference during a panel on the future of copyright, Prof. Eben Moglen (Columbia Law School, Chief Legal Counsel to the Free Software Foundation) honored our efforts to enforce the GPL within the German jurisdiction.

In the past I've been doing only chemical b/w photography, using SLR cameras from the mid-80s. Recently I decided to explore color photography, too - but certainly not with chemical film. Developing color prints in your own darkroom is way more complicated than b/w, and it requires to buy completely different equipment.

The entry-level digital SLR cameras have just gone below the EUR1000 line, so I decided to go for the Canon EOS 300D. Despite not having had much time for exploring it, the pictures it produces are really great.

The only thing I don't like is the physical quality of the case. Coming from metal cased chemical SLR cameras, the plastic case of the EOS 300D feels extremely volatile. Also, the lens frame made from plastic is really disturbing... I'm sure this camera won't last 20 years like my two existing chemical SLR's.

Maybe finally I'll also find some time to work on www.cemetery-photography.org - which is still empty at this point. Not that I'm lacking the [digitized] photographs, I just don't have the time to set up the website, design the templates, and so on.

I've been horribly busy during the last week(s), so I didn't even have five minutes per day to fill this weblog. Apparently things have now settled down and I will start to have some more time again.