Jan 8, 2009

After sitting through Expelled, I felt the need to cleanse my intellectual palate. Thankfully I had Bill Maher’s Religulous to watch. Coming across like a mongrel of Borat and An Inconvenient Truth, it’s an alleged documentary, played for laughs. And chunks of it are indeed very, very funny - the Cannabis Ministry guy comes to mind.

Consisting mainly of Maher tracking down the more comedic elements of out-there religion, it’s a wonder he
got most of these people to sign the release forms. I’m especially thinking of the senator who admitted he
was religious because he was stupid. Maher uses his incredulity at these people’s beliefs for humour, and he
does it rather well. It’s not the kind of film that’s supposed to make a serious point, though of course it does.

Particular highlights for me were the Vatican priest who dismissed Hell as a “silly idea”, and the Professor
Frink style inventions of The Institute for Science and Halacha, devoted to technology to work around the absurd orthodox Shabbat rules (cue the pneumatic wheelchair).


My Stuff Of The Year

Dec 21, 2008

Yes, it’s a pointless end of year list! In no particular order.
Much of this stuff is by no means new in 2008, but it’s all new to me in 2008.

Sailor Jerry’s

Old news to most by now but the popularity of combining this vanilla-flavoured rum with coke and ice has yet to wane.


Imported via a visit to Helsinki earlier in the year, Fisherman’s Friend Vodka (both its name, and its recipe) took the world* by storm, and continues to delight.

Helsinki Travel Theodolites

Jim Beam’s, Disaronno, Coke, Ice and a slice of lime.

David Thomas Broughton versus 7 Hertz

“Can’t afford a pasty from Gregg’s bakery”. Still loving this album. His singing voice is an acquired taste, but I acquired it. I also admire anyone who doesn’t let their equipment blowing up stop them putting the song onto the CD.

Nick Cave And The Bad Seeds - Dig Lazarus Dig

Reminded me that I do actually really like Nick Cave.

Cut Copy - In Colours

Uncomplicated but enjoyable electro. A New Order I like.

Primal Scream - Swastika Eyes (live)

Entire audience hated it, but it was the only good bit in the whole gig. Still think they’re crap.

Trentemoller @ The Big Chill

I knew he’d be astonishing, because all his productions, and all his remixes, are astonishing. He was.

Leonard Cohen @ The Big Chill

The world is thanking his bent accountant for this tour.

There Will Be Blood

It’s not exactly a stretch for me to like a Paul Anderson film, but still…


To my shame, I saw the film before the book, but I thought both were brilliant. Yes, even Keira Knightley.

No Country For Old Men

I was expecting to be bored crapless by this but was mesmerised instead.

The Shield Season 7

This final season knocked this back up to seriously rival The Wire for best thing ever. The entire season exulted in reminding you that Vic Mackey was a truly horrible person.

Sons Of Anarchy

A drama about gun-running Californian bikers sounds dumb, but this was brilliantly done. For some reason I kept being reminded of Cher though - that is never good.


Very, very, good restaurant 2 minutes from my flat == yay.

Try Thai

Very good value, with excellent battered scallops, in Chinatown (if you can call a single square a town (which you can’t, Manchester - sorry)).

The Deaf Institute

Well done for opening, Trof 3!

Sam Smith’s Organic Ale

I drank way too much of this.

Allgates Shining Light

And nowhere near enough of this.

OpenSolaris 2008.11 guest domain on a Linux dom0

Dec 11, 2008
My previous blog post described how to install OpenSolaris 2008.11 on a Solaris dom0 under Xen. This also works on with a Linux dom0. However, since upstream is missing some of our dom0 fixes, it's unfortunately more complicated. In particular, we can't use virt-install, as it doesn't know about Solaris ISOs, and later on, we can't use pygrub to boot from ZFS, since it doesn't know how to read such a filesystem. Bear with me, this gets a little awkward.

This example is using a 32-bit Fedora 8 installation. Your milage is likely to vary if you're using a different version, or another Linux distribution. First some of the configuration parameters you might want to change:

export name="domu-224"
export iso="/isos/osol-2008.11.iso"
export dompath="/export/guests/2008.11"
export rootdisk="$dompath/root.img"
export unixfile="/platform/i86xpv/kernel/unix"

If you're on 64-bit Linux, set unixfile="/platform/i86xpv/kernel/amd64/unix" instead. We need to create ourselves a 10Gb root disk:

mkdir -p $dompath
dd if=/dev/zero count=1 bs=$((1024 * 1024)) seek=10230 of=$rootdisk

Now let's use the configuration we need to install OpenSolaris:

cat >/tmp/domain-$name.xml <<EOF
<domain type='xen'>
 <bootloader_args>--kernel=/platform/i86xpv/kernel/unix --ramdisk=/boot/x86.microroot</bootloader_args>
  <interface type='bridge'>
   <source bridge='eth0' />
       If you have a static DHCP setup, add the domain's MAC address here
       <mac address='00:16:3e:1b:e8:18' />
  <disk type='file' device='cdrom'>
   <driver name='file' />
   <source file='$iso' />
   <target dev='xvdc:cdrom' />
  <disk type='file' device='disk'>
   <driver name='file' />
   <source file='$rootdisk' />
   <target dev='xvda' />

And start up the domain:

virsh create /tmp/domain-$name.xml
virsh console $name

Now you're dropped into the domain's console, and you can use the VNC trick I described to do the install. Answer the questions, wait for the domain to DHCP, then:

domid=`virsh domid $name`
ip=`/usr/bin/xenstore-read /local/domain/$domid/ipaddr/0`
port=`/usr/bin/xenstore-read /local/domain/$domid/guest/vnc/port`
/usr/bin/xenstore-read /local/domain/$domid/guest/vnc/passwd
vncviewer $ip:$port

At this point, you can proceed with the installation as normal. Before you reboot though, we need to do some tricks, due to the lack of ZFS support mentioned above. Whilst still in the live CD environment, bring up a terminal. We need to copy the new kernel and ramdisk to the Linux dom0. We can automate this via a handy script:



root=`pfexec beadm list -H |  grep ';N*R;' | cut -d \; -f 1`
mkdir /tmp/root
pfexec beadm mount $root /tmp/root 2>/dev/null
mount=`pfexec beadm list -H $root | cut -d \; -f 4`
pfexec bootadm update-archive -R $mount
scp $mount/$unixfile [email protected]$dom0:$dompath/kernel.$root
scp $mount/platform/i86pc/$3/boot_archive [email protected]$dom0:$dompath/ramdisk.$root
pfexec beadm umount $root 2>/dev/null
echo "Kernel and ramdisk for $root copied to $dom0:$dompath"
echo "Kernel cmdline should be:"
echo "$unixfile -B zfs-bootfs=rpool/ROOT/$root,bootpath=/xpvd/[email protected]:a"

For example, we might do:

/tmp/update_dom0 linux-dom0 /export/guests/2008.11
or on 64-bit:
/tmp/update_dom0 linux-dom0 /export/guests/2008.11 amd64

Now, you can finish the installation by clicking the reboot button. This will shut down the domain, ready to run. But first we need the configuration file for running the domain:

cat >/$dompath/$name.xml <<EOF
<domain type='xen'>
  <cmdline>$unixfile -B zfs-bootfs=rpool/ROOT/opensolaris,bootpath=/xpvd/[email protected]:a</cmdline>
  <interface type='bridge'>
   <source bridge='eth0'/>
  <disk type='file' device='disk'>
   <driver name='file' />
   <source file='$rootdisk' />
   <target dev='xvda' />

virsh define $dompath/$name.xml
virsh start $name
virsh console $name

It should be booting, and you're (finally) done!

Updating the guest

Unfortunately we're not quite out of the woods yet. What we have works fine, but if we update the guest via pkg image-update, we'll need to make changes in dom0 to boot the new boot environment. The update_dom0 script above will do a fine job of copying out the new kernel and ramdisk for the BE that's active on reboot, but you also need to edit the config file. For example, if I wanted to boot into the new BE called opensolaris-1, I'd replace these lines:

<cmdline>$unixfile -B zfs-bootfs=rpool/ROOT/opensolaris,bootpath=/xpvd/[email protected]:a</cmdline>

with these:

<cmdline>$unixfile -B zfs-bootfs=rpool/ROOT/opensolaris-1,bootpath=/xpvd/[email protected]:a</cmdline>

then re-configure the domain (whist it's shut down) via virsh undefine $name ; virsh define $dompath/$name.xml.

Yes, we're aware this is rather over-complicated. We're trying to find the time to send our changes to virt-install upstream, as well as ZFS support. Eventually this will make it much easier to use a Linux dom0.


OpenSolaris 2008.11 as a para-virtual Xen guest

Dec 10, 2008
UPDATE: the canonical location for this information is now here - please check there, as it will be updated as necessary, unlike this blog entry.

As well obviously working with VirtualBox, OpenSolaris can also run as a guest domain under Xen. The installation CD ships with the paravirtual extensions so you can run it as a fully para-virtualized guest. This provides a significant advantage over fully-virtualized guests, or even guests with para-virtual drivers like Solaris 10 Update 6. Of course, if you choose to, you can still run OpenSolaris fully-virtualized (a.k.a. HVM mode), but there's little advantage to doing so.

One slight wrinkle is that Solaris guests don't yet implement the virtual framebuffer that the Xen infrastructure supports. Since OpenSolaris doesn't yet have a text-mode install, this means that to install such a PV guest, we need a way to bring up a graphical console.

With 2008.11, this is considerably easier. Presuming we're running a Solaris dom0 (either Nevada or OpenSolaris, of course), let's start an install of 2008.11:

# zfs create rpool/zvol
# zfs create -V 10G rpool/zvol/domu-220-root
# virt-install --nographics --paravirt --ram 1024 --name domu-220 -f /dev/zvol/dsk/rpool/zvol/domu-220-root -l /isos/osol-2008.11.iso

This will drop you into the console for the guest to ask you the two initial questions. Since they're not really important in this circumstance, you can just choose the defaults. This example presumes that you have a DHCP server set up to give out dynamic addresses. If you only hand out addresses statically based on MAC address, you can also specify the --mac option. As OpenSolaris more-or-less assumes DHCP, it's recommended to set one up.

Now we need a graphical console in order to interact with the OpenSolaris installer. If the guest domain successfully finished booting the live CD, a VNC server should be running. It has recorded the details of this server in XenStore. This is essentially a name/value config database used for communicating between guest domains and the control domain (dom0). We can start a VNC session as follows:

# domid=`virsh domid domu-220`
# ip=`/usr/lib/xen/bin/xenstore-read /local/domain/$domid/ipaddr/0`
# port=`/usr/lib/xen/bin/xenstore-read /local/domain/$domid/guest/vnc/port`
# /usr/lib/xen/bin/xenstore-read /local/domain/$domid/guest/vnc/passwd
# vncviewer $ip:$port

At the VNC password prompt, enter the given password, and this should bring up a VNC session, and you can merrily install away.


The live CD runs a transient SMF service system/xvm/vnc-config. If it finds itself running on a live CD, it will generate a random VNC password, configure application/x11/x11-server to start Xvnc, and write the values above to XenStore. When application/graphical-login/gdm starts, it will read these service properties and start up the VNC server. The service system/xvm/ipagent tracks the IPv4 address given to the first running interface and writes it to XenStore.

By default, the VNC server is configured not to run post-installation due to security concerns. This can be changed though, as follows:

# svccfg -s x11-server
setprop options/xvm_vnc = "true"

Please remember that VNC is not secure. Since you need elevated privileges to read the VNC password from XenStore, that's sufficiently protected, as long as you always run the VNC viewer locally on the dom0, or via SSH tunnelling or some other secure method.

Note that this works even with a Linux dom0, although you can't yet use virt-install, as the upstream version doesn't yet "know about" OpenSolaris (more on this later).


BBC News

Nov 5, 2008

They’re using the phrase “a sense of” even more than they used to. They refer to “the sense of jubilation” in the Democrat camp, or “a sense of taking stock” amongst Republicans. Practically every other sentence uses this moronic phrase. There’s a real sense of lazy journalism at the BBC.

On the “moronic phrase” note: “Yes We Can” is just about the stupidest campaign slogan ever.

Also, the election coverage on the BBC was surprisingly biased. Way too many left-leaning talking heads, very
little positive coverage of the McCain campaign. It wasn’t Fox News, of course, but it was bad: I expected better from the BBC. It was almost worth it to see John Bolton nearly explode with anger though.

You did it...

Nov 5, 2008

Dear America: well done.

Apostrophe Abuse Overload

Oct 29, 2008


Christian Voice kooks on the atheist bus

Oct 23, 2008

“People don’t like being preached at.”


“But in a twist which will have Christians in gales of laughter, the advertising campaign…is to be stuck on bendy-buses.”

May I suggest first that said Christians perhaps need to get out more, and second that “gales of laughter” doesn’t seem like a very Christian response?

“fellow humanists, not known for their generosity, wouldn’t stump up the cash.”

Aren’t you guys looking a little silly now?

Press release.

More Broccoli News

Oct 22, 2008

I’m not sure why this loathsome stuff is so much in the news these days.
You might not think it loathsome. Think again.

Programmatic VNC password setting

Oct 22, 2008

I had this problem recently: I was generating automatic VNC passwords via /dev/urandom, and needed to obfuscate them. Stupidly, vncpasswd is only interactive, and I wasn’t in any kind of mood for hacking up the sources. A co-worker kindly pointed me to the solution:

printf “%s\n%s\n” “$PASSWD” “$PASSWD” | vncpasswd /tmp/vncpasswd

In my head, the use of getpass() means this couldn’t work, but it does. It doesn’t appear to be on Google, so I thought I’d mention it. Of course, as all know, the obfuscation done by vncpasswd is entirely pointless, but Xvnc at least will only take such “encrypted” password files.