Add to Google Reader or Homepage |
~ pjvenda / blog
$home . blog . photography

14 December 2006

surfing the wikipedia: from cavitation to the MOAB

Hi everyone,

I tend to do these things - start reading on a particular techie subject and next thing I know, hours passed I still have about 10 tabs to read of wikipedia articles.
I remember having done this with gas turbine technology (various types of jet engines, rotating engines, some theory, etc.), aircraft types and models, cpu types and architectures... etc.

Today I started looking up cavitation due to a recent conversation with a friend and went on to supercavitation, russian supercavitation torpedoes. Then I reviewed the ground effect, ekranoplanes, beriev Be-2500, Howard Huges' spruce goose and the Boeing Pelican. The Boeing Pelican is a potentially military device capable of carrying the daisy cutter and/or the MOAB (a.k.a. Mother of All Bombs).

This kind of dwelling through such a vast information source is something impossible before websites like wikipedia or how stuff works.

P.S.: I apologise for writing this post in 14 December 2006 and only posting it in 9 January 2007. I forgot to click "publish" and forgot all about the bog post.

Cheers, PJ.

11 December 2006

Switzerland was looking good last week

Hi everyone,

Last week, I have spent a few days with my girlfriend in Geneva, Switzerland and we easily agree that it is beautiful! The weather was very good - clear sky, not too cold (for portuguese standards and for December).

We didn't have much time to do sightseeing, but managed to walk for an afternoon around the city centre and some of its tourist attractions.
Starting from Rue de Carouge, we walked down to Place de Neuve, then to Place de Bel Air, passing the river Rhone. Then we turned to see the Rue de Rhone and the Rue Basse, walked to the edge of the lake Léman to see the Jet d'eau (which wasn't working that day) and stopped for a small rest. Then we followed back to the Place de Madelène and up into the Vieille Ville to see the Cathedral of St. Pierre. We stopped again for some hot chocolate at Bur Du Four and then went down the Ramp de la Treille back to the Place de Neuve and back home to Rue de Carouge.

Then we did (half) a tour around the lake Léman on the Swiss side from Geneva to Montreaux passing by Morges and Lausanne. That showed a wonderful succession of less urban landscapes.

Monday, our last day in Geneva, greeted us with rain showers of cold wet water (brrrrr!). Nevertheless we were able to shoot some pictures in the morning.

Now that we've got the taste of it, we can't wait to go back there on a summer for some serious sightseeing :) Perhaps 2008.

[none of these pictures were retouched apart for cropping and/or rotating and/or resizing. all photos were shot by me]

Cheers, PJ.

22 November 2006

bought myself a Wacom Graphire 4 tablet pen

Hi everyone,

I've just bought myself a new Wacom Graphire 4 tablet pen. For those that don't know what it is, a tablet pen is essentially a replacement for the mouse in the form of a ballpoint pen. It's a little more than that - it has a base pad (much like a mouse pad) eventually with some buttons and the pen itself also with some buttons.

The tablet pen isn't designed to *replace* the mouse in every situation, but for image editing and creative digital art it's close to mandatory. Anyone serious about the quality of their digital art work (even amateurs like me) must have or at least try a tablet pen.

Now for installation, I went straight The Linux Wacom Project for configuration guidelines. The howto there is one of the most verbose and complete guides I've ever seen (which is generally a good thing, but can discourage some people) and after a couple of minutes, I had everything set up. No external drivers were used, I didn't have to (or want to) touch the included driver and software CDs and every feature of the Graphire 4 was recognized and available for me to use.
Yep, Linux is sweet!
(I'll be posting a quick configuration guide with all the steps I took on my website)

Next step is the actual purpose of the tablet pen - the almighty GIMP. I'm using the development version 2.3.12 and I just had to enable the extra available input devices. That was it! The pen pointer worked as expected, the "rubber" too (once the correct tool is chosen) and overall the experience is a surprisingly natural and precise control of the imaging software - even for the interface itself! I recommend this hardware device for everyone doing image editing or drawing on the computer.

There are downsides, however... GIMP has a very nasty bug (still uncorrected) that crashes when any tool being controlled by the pen in the "touchdown" (equivalent to click & drag) position reaches a limit of the image window. It will surely ruin hours of hard work. The problem is more serious with the rubber due to the accessibility of the buttons near the pen pointer and the function of the bigger button (drag image position) - with the pen pointer it's possible to keep using the pen away from the window edges at all times. Let's hope the stack traces get the developers to fix this as soon as possible:,

That's it for today,
Cheers, PJ.

06 November 2006

blog look

I know and agree that this blog looks terrible.
It will take a while, bit I'm working on improving it though. Hopefully CSS will do and I won't have to hack too deep into blogspot widgets.

stand by...

Cheers, PJ.

Sysadmin research

Lately, I've been doing a lot of sysadmin research (and work). In just a few days, I've installed spam filtering engines in several forms, email antivirus, a mail filtering gateway and a multi domain MX server (all virtual accounts) managed by a web application.

warning: this is a big one!

Anti spam and Anti virus mail filtering

First of all, I've installed mail filtering systems on two servers, with antivirus and spam detection. There are many ways to skin a cat and the most widely used ways to skin this cat are, at the moment, clamav and spamassassin respectively for antivirus and spam detection. Another aparently good spam detection software is dspam, which has a different aproach than spamassassin but is said to be much faster and offers a different set of features.

One of my servers was, until recently, running a netqmail installation with qmail-scanner running messages through clamav. It was a recent setup that was running well, despite my lack of experience with qmail. qmail-scanner was hard to get working with clamav due to some permission problems originated by bad distribution packaging. This particular software package filters every message, eventually holding attachments for quarantine and changes the messages a bit (headers and/or body) before returning them to the MTA (this is important!). Essentially it works as a transparent filter integrated with the MTA and that's the way I want it to run.

Integration of spamassassin/clamav with MTAs

Due to the different integration aproaches of dspam and spamassassin, I've decided to use spamassassin, and having it integrated with qmail-scanner was really easy, mostly because qmail-scanner supports it explicitly and enabling spam scanning is only a matter of changing a couple of configuration switches. So for this server, things were going well, I had transparent spam detection and antivirus scanning of incoming mail.

On the other server the running MTA is a postfix 2.2.10, so qmail-scanner would not be adequate (although not impossible). To get things working quickly, I did a simple procmail rule to filter my email through spamassassin's spamc/spamd and it's working. I left system wide autolearn with sensible score values (0.0 < no autolearn < 12.0) and per user bayesian databases can be used. Not the ideal solution, but it works.

:0fw: spamassassin.lock
| /usr/bin/spamc

To get a nice scalable solution for postfix MTA with spamassassin and clamav antivirus, I googled a while and found amavisd-new. amavis is a mail filtering tool that accepts email like an MTA with no queues and runs a chain of programs on each message. It's by no standards a new tool but I've never stumbled upon it before.

Mail filtering gateways

This solution is very apealing for mail filtering gateways, where there's a host that acts as a domain MX, receives email, filters it through antivirus and antispam software and just redirects sane mail (or all mail, depending on the defined policy) to the internal mail servers. What's good about this solution is it's scalability: The MX MTA can be a cluster of servers, the antivirus can be another cluster and the antispam filters can be a third cluster. Such setup can scale to massive processing power and fault tolerance with cheap hardware.
Following this idea, I decided to build such a beast on a virtual server, based on CentOS 4.4. I'm not a fan of CentOS, but it's currently the chosen Linux distribution at where I work, so it seemed appropriate. This mail filtering gateway is built from the following components:
- mta: postfix
- mail filter: amavisd-new
- antispam: spamassassin
- antivirus: clamav
I'll give some feedback on the process one I find enough time to finish it.

Multi domain MX server with virtual accounts

At work, I am currently responsible for building a multi domain MX server with virtual accounts. It has to rely on an LDAP directory for accounting and authentication, supply POP access and provide easy management.


The Linux distribution is automatically chosen - CentOS 4.4 - and I chose Postfix for the MTA service, openldap for LDAP service, cyrus-sasl for authentication library (hell), dovecot for POP access and Jamm for management service.

It's been fun to build an elaborated MX server such as this, but not everything went well. As far as I was able to debug, cyrus-sasl isn't talking to openldap and there aren't many alternatives to do authenticated relay on postfix. Also, Jamm installation was incredibly complicated, time consuming and, at the end, impossible.

The bad

Starting with Jamm; It's a java web application that deploys on tomcat. Although I never did this before, it shouldn't be that hard, but for CentOS 4.4, it is. There are no official tomcat rpms, so I had to use a third party mirror and install something around 76 packages to get tomcat working. After that, I was unable to build the Jamm application (due to some unmet versioning requirements, I guess) and couldn't deploy it. Sad but true. Why doesn't CentOS include a tomcat/java tools distribution??
One way to solve this is to deploy Jamm on another server, perhaps on a Linux distribution better suited for tomcat. Another way is to use phamm - an alternative interface written in php with even more features than Jamm.
About cyrus-sasl... the story isn't pretty either. There are no alternatives (which don't imply recompilation of postfix and manual integration with another sasl library) and the ldap authentication plugin isn't talking to openldap. I'll have to get this working one way or the other.

The good

On the upside, LDAP is working well and makes management potentially so simple! Dovecot is a fresh, actively maintained IMAP/POP implementation and Postfix is very rich in features that make things such as aliasing, virtual domains, tls negotiations very easy to setup.

Migrating IMAP/POP service

As a sidenote, for migrations between IMAP implementations, Dovecot needs some tweaking for compatibility with courier-imap namespaces. courier-imap aparently uses an implicit INBOX namespace that needs to be defined in dovecot configuration, otherwise it won't find existing folders. As a reference this is, at least, for dovecot 1.0rc10.
The following namespace should be defined in addition to the default_env
# Courier-imap compatibility
namespace private {
separator = .
prefix = INBOX.
inbox = yes

Service monitoring tool

Time to wrap up with a service watchdog tool: monit. monit monitors and acts on configured processes and/or files. Processes can be restarted if they somehow die, if thei're using up more than a specified resource limit, files and directories can be monitored for changes, etc. Events are, of course, notified and the system can monitor remote services via authenticated SSL tunnels (for example). Finally, there's a cool web interface to access all this lovely information. I have to say, I was impressed by the website and the tool looks damn good!

That's it for now,

16 October 2006

Experiment: Ubuntu Linux 6.10 Beta

Ubuntu Linux 6.10 is about to be released, and I've tried it.

I use linux for some years now and I've tried all the well known distributions: RedHat (6, 7), Debian (2.0, 2.2), Slackware (8), Mandrake (7), Gentoo (1.4+), Fedora (4, 5), CentOS (4.4)... and another set of Live CDs. I like to try out new distributions to see what's new and how are things going with Linux on the desktop.

The latest Ubuntu Linux project is currently in beta but the state of things is near-finish, if not because of the version: 6.10 -> 2006.October.
The Ubuntu guys make a very clear (and logic) warning about the distribution being beta and having the potential to break stuff, eventually causing data loss... But, the workstation where I run ubuntu is used as an internet terminal, game station, etc, so it hasn't got any important data.

So what's changed since the solid 6.06 release?
Lots of stuff! Lots of new, cool, eye-candy and friendly stuff!
For instance, there's Mozilla Firefox 2.0 RC2 and Gaim 2.0.0 beta3. Both recent, near finished, major releases of very widely used applications. The recent Gnome 2.16 desktop environment along with OpenOffice 2.0.4 RC are also some big and heavy software packages that make the change worthwhile.
Under the bonnet, I could find a new init.d system, a 2.6.17 kernel, Xorg 7.1 (with r300 dri driver and AIGLX support enabled, which I don't know how to take advantage of yet).

... but there is a lot more new stuff! See for yourself:

What upgrade?
I have to mention that there is a distribution upgrade procedure available for the 6.06 users, which worked well. The developers must have put a great effort into the upgrade system, and my experience was very positive. It worked well the first time I tried.
It pulled about 1GB of packages from the internet, installed everything in one go and rebooted. Done. Excelent!

Is it better?
Much better! The system works very well, detected all my hardware (like the 6.06, but I have no exotic stuff, so that wasn't really a big achievement), the desktop feels very well integrated and looks stunning - anti-aliased and sub pixel hinted fonts everywhere, applications load quickly (or so it seemed). This version kept the stuff that worked well and improved what could be improved. Newer versions of software and big UI improvements.

General idea
In my opinion, Ubuntu Linux *is* and deserves to be the best desktop distribution at the moment for 95% of the Linux user base.
I use it exclusively on my workstation at home for some time now, but my laptop, for my everyday work and fun, still runs Gentoo Linux and I don't intend to change it yet.

Use Linux, Have fun!

08 October 2006

Rails is sweet


I've been busy at work during the past few weeks. Not that I'm not usually busy, but this has been a "different" kind of busy. This is the fourth week in a row that I'm doing full time software development. I'm still a technical security consultant, but because I am one of the most qualified and, more importantly, available resources to do the job, I was the one that took the task of writing a web application for a project of ours.

After a little research, I and a colleague, came to a preliminary conclusion that ruby on rails would be the way to go. I've been curious about the (hyped) framework and wanted to try it out for some time, but now I had the perfect opportunity to learn and do some serious work with it. Of course, before rails comes ruby, but for people like me, another language isn't much more than just another syntax.

With the two bibles (the PickAxe or "Programming Ruby: The pragmatic programmers' guide" and the "Agile Web Development with Rails"), we got our hands dirty and before no time, a bigger-than-I-thought-possible-in-no-time application came to life.

Ruby is a very pragmatic language, with lots and lots of included libraries and tons of bindings to other languages and frameworks. It's elegant, easily readable(*) and allows for very quick and well structured software to rise - from simple things not much more than shell scripts to elaborated and sophisticated tools. The integrated testing framework, documentation tool, interactive ruby shell and the quick help tool complete a very good programming toolkit. I really really really like ruby now! It has my respect!

Rails is, like Eric Cartman would say, *sweeeeeet*. I've been thinking of tens of web applications I'd like to write in rails to assist me and to enhance my website. Rails is just too cool! It feels like developing apps just for the kicks - rails is *that* good!

For everyone that's on the edge of trying it out, here are some tips that came out of my experience:


Eclipse, with rdt for ruby integration and radrails for rails integration. I'd strongly advise developing with a subversion version control repository, integrated with eclipse via subclipse. The eclipse package manager allows the remote installation of all these tools. It's great!


MySQL. Local or remote - doesn't matter. Enough said.

Development Platform

This is, of course, a personal matter. Do your coding in whatever operating system you feel most confortable with. I use Linux.


I would recommend the reference paper books "Programming Ruby. The Pragmatic Programmers' guide" and "Agile Web Development with Rails".

Cheers, PJ.

05 October 2006

Coordinated blog launch and website update

Hi everyone,

I am oficially starting my personal weblog coordinating with a small update of my own website. After some initial setup (I've never blogged before) and some template and style hacking, it has reached a very simple but pragmatic and pleasing look; everything was carefully placed to maximise usability.

My website is a place where I introduce myself to the world and talk a little about me, my work, my hobbies, etc. It has several technical articles and other academic ones. The address?

I created this weblog because my website is getting updated less than once per month (essentially due to the necessary effort) and I wanted to share some thoughts more often. A blog implementation would surely take some fair effort and would certainly imply bugs and security issues (although I never minded reinventing wheels). This time, I decided to use a well established and free service like (or
[I'm still tweaking the layout, so expect some ocasional misplacements]

As for the content, well... I'm predicting that both website and weblog will have some technical stuff, although in time the website will be more on the techie side and the weblog more on the personal side.

So for now enjoy my website because there isn't much to see here yet.

Cheers, PJ.

03 October 2006

First post

Hello World!

This (hello world!) is the most portable computer program ever and very widely used to test things out here and there. Sounds like a good excuse for my first blog post.

Welcome to my new blog! Enjoy.