A quick note on integrity
I recently learned a few very important things about human nature. I'm not going to tell you what they are right now, since I haven't quite figured out how to explain it all yet. Soon.
In the meantime, I'll give you a hint: I had a related character in my novel from November 2006. Here's the chapter that introduces Marjorie, a marketing executive who doesn't quite understand what integrity means.
Neither did I, at the time.
My test framework isn't abstract enough!
The problem with test frameworks is that there are too many of them. Okay, I can buy that. Solution: an abstraction layer so you can write tests using a single syntax to run in any framework!
I thought I might try to make fun of this, but as I read on, I felt that it's not really necessary after all. Check out the cool diagrams.
Running Linux on your Linksys WRT54GS v7 Router
- DISCLAIMER: This worked for me, but I can't guarantee success.
Replacing your router firmware definitely voids the warranty. Please
don't return your router to the store if you break it, because that
just encourages hardware designers to make it harder to replace the
I finally got tired of the extremely limiting firewall settings and random crashes I got with stock router firmware and decided to try my luck with a Linux-based one. So I went to the store and picked up a new Linksys WRT54GS, which I knew was supported by Linux. It turned out to be a v7 (16 megs RAM, 2 megs flash), which most Linux router distros can't do... bummer.
Luckily, a special "micro" version of "dd-wrt" works great. I followed the special WRT54GS v7 instructions from their site to install dd-wrt.v24_micro_wrt54gv8.bin (note how this one was made for v8 hardware, but also works fine with v7).
Before I found this (eventually successful) process, I accidentally tried upgrading to the wrong version of dd-wrt, which seemed to "brick" my router. I recovered thanks to Unbrick your Linksys WRT54GS v7 by "Valiant."
None of the instructions I found really explain why you're doing anything. As a computer engineer, I find this a little frustrating, because when the instructions don't work verbatim, I have no idea where to begin troubleshooting. I'm sure that information is around somewhere, but apparently not in the official docs. So here you go:
What really happens when you replace your WRT54GS firmware
Here's what's really going on:
The original system (hardware models starting with v5) is based on VxWorks, not Linux. It includes a web UI that will check the checksum of anything you upload.
Step 1 is to deliberately break the VxWorks installation so that the bootloader will fail at startup time and accept other kinds of images. This is the purpose of the "vxworks-killer.bin" referred to in the official instructions.
When the bootloader has a heart attack, it will reset back to listening on 192.168.1.1 for tftp. You can use any tftp client to send it an image that you want it to try loading; it reboots automatically after the transfer is complete. Despite rumours, it takes only a few seconds to save a new image to flash, so you don't have to wait 2 minutes or anything ridiculous.
If your new image is "valid" but fails to boot (e.g. if it's for the wrong hardware model), the system won't answer pings anymore and there's no way to tftp to it. This is the state you're normally in when you need the "how to unbrick your router" instructions linked above.
The "unbrick" instructions are a very long and unclear way of explaining this simple fact: if you reboot the router while holding the RESET button, the bootloader will sit for 10 seconds in its tftp-receptive state (192.168.1.1, accepting tftp connections) before starting to load the real OS. If you hardcode your workstation to 192.168.1.x and continuously ping 192.168.1.1 while rebooting with the RESET button pressed, you'll see that about 10 pings get through.
So the trick is to tftp the file during that 10 seconds. Basically, run a ping in one window, and be ready to hit "enter" to launch the tftp command in another window. Reset your router. When you see the first pings start to come back, launch the tftp right away.
Once you understand all these steps, you can understand something important: it's very hard to break your router through experimentation! The worst you can do is load a totally invalid image via tftp... and if that happens, you just do the RESET-ping-tftp trick to replace it with a different one.
This is a nice design. Congratulations, Linksys and/or Broadcom, for putting a safe bootloader into your routers.
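The RESET-ping-tftp procedure described above, scripted as an added example (not from the original post or the dd-wrt instructions). It assumes Linux iputils `ping`, coreutils `sha256sum` and a `tftp` client that reads its commands from stdin; the function names and the expected-hash argument are this example's own, and the hash check is added because the tftp path does not go through the web UI that checks uploads.

```shell
#!/bin/sh
ROUTER=${ROUTER:-192.168.1.1}   # bootloader address given in the post

# One ping probe. Flags are Linux iputils: -c count, -W reply timeout (s).
probe() { ping -c 1 -W 1 "$ROUTER" >/dev/null 2>&1; }

# verify_image FILE SHA256: succeed only if FILE hashes to SHA256.
verify_image() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# wait_for_bootloader [TRIES]: return 0 on the first reply, 1 if none came.
wait_for_bootloader() {
    tries=${1:-120}
    while [ "$tries" -gt 0 ]; do
        probe && return 0
        tries=$((tries - 1))
    done
    return 1
}

# send_image FILE: drive the interactive tftp client from stdin.
# FILE must not contain spaces; rexmt 1 retries each packet after 1 s.
send_image() {
    tftp "$ROUTER" <<EOF
binary
rexmt 1
put $1
EOF
}

# flash FILE SHA256: returns 2 on hash mismatch, 3 if nothing answered.
flash() {
    verify_image "$1" "$2" || { echo "hash mismatch, not sending" >&2; return 2; }
    echo "Power-cycle the router while holding RESET" >&2
    wait_for_bootloader || { echo "no reply from $ROUTER" >&2; return 3; }
    send_image "$1"
}

# Usage: sh flash.sh IMAGE EXPECTED_SHA256
if [ "$#" -eq 2 ]; then flash "$1" "$2"; fi
```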
Update 2008/02/18: I forgot to mention one important thing: the "micro" version of dd-wrt is surprisingly full-featured. It wasn't missing a single thing that I expected my router to be able to do; I'm not even really sure what's supposed to go into the non-micro versions. So I wholeheartedly recommend it and encourage you not to think of it as "stripped down" or "low-end" like I thought it would be.
Dnsmasq is awesome
Yesterday I wrote about upgrading my Linksys router to dd-wrt. I'm very happy with the upgraded software; dd-wrt isn't exactly user friendly, but it's very powerful and it's Linux, so I can make it do what I want. And it's certainly much more user-friendly than I expected.
Related to that, I just wanted to tell you about dnsmasq, a very cute little application that I hadn't heard of before I tried dd-wrt. It's a combined DHCP server and DNS server/forwarder that's custom-built for little local NAT routers, and it works great. Basically, it registers a hostname (instantly!) for every machine that requests a name from its DHCP server, which means your LAN always has valid DNS service. Modern DHCP clients (Windows, MacOS, and most Linux) include the configured hostname in the DHCP request packet, so you don't have to do anything by hand.
It's extremely cool. They also seem to be good about handing the same IP to a given MAC address each time, so you're not needlessly hopping around the LAN when you unplug/replug the ethernet cable.
As a major bonus, you don't have to run the extremely suspicious ISC DHCPD and BIND daemons, which both are increasingly badly written as time goes on, and which have both been subject to major security flaws in the past. You also don't have to run djbdns, which is great but has insane license restrictions.
With these two features combined, you get everything I was begging for about a year ago when I wrote Please, please, steal my idea! In other words, the DHCP/DNS server hacks we put into Nitix are now obsolete.
Update 2008/02/18: pmccurdy tells me that djbdns (and qmail, for that matter) are now in the public domain, so that reason for avoiding djbdns is now moot. Cool! Of course, djb can't help but take a final stab at our sanity by only posting the license on his web site, not in the packages themselves. He could change his web site at any time, making it trickier to prove in court exactly what license he gave you. (That said, I've never heard of djb doing anything underhanded, so it's rather unlikely you'd end up in court.)
Market trumps team and product
Paul Buchheit (the original designer of Gmail) agrees with Marc Andreessen that given the choice between a great team, a great product, or a great market, the most important thing is the market.
He also goes on to describe a few examples (Segway) in which brilliant technology development by a great team resulted in failure because nobody wanted it.
I've been through that one myself. But how does a brilliant team with the proven ability to develop great products tune into markets where their work will be valuable? Hmm...
Random Gmail Tips
A few people have been amazed when they saw me do this lately, so I guess it's not common knowledge: you can enable keyboard navigation in Gmail. It lets you scroll around messages, tag things, archive things, etc without using the mouse, and it's awesome. Official Instructions for Gmail Keyboard Navigation.
Also, I recently discovered the It's All Text addon for Firefox. It lets you optionally edit any textarea in your favourite text editor - and that includes Gmail. Very cool if you're sick and tired of proportionally-spaced blurry textarea fonts that make "i" look almost exactly like "l".
A quick note on desperation
- A: [...] This is what's driving the incredible salaries of CEOs: let's
just offer these people a ton of money based on their performance and stock
performance, and they will really be driven to do well. But does being
driven to do well actually help you do your best?
We came up with a couple of tasks that demanded creativity, thought,
concentration and memory and so on, took them to India, and got people to do
them and paid them based on their performance. Some people we paid a small
amount: if you do this well, you get an hourly wage, if you do it very well,
you get two hours' wages. Some people we paid a month's wages; some people
we paid six months' wages. What we found was that when more money was at
stake, people really tried harder, but actually performed worse.
A: Or think about the even worse version: in the experiment, we gave some of
the people the money upfront, then said, "If you don't do well, you'll have
to give it back."
Q: Were they even less creative then?
A: Oh my goodness, they hated it! Two people ran off with the money. We had
to stop doing it.
When people are desperate to succeed, they can do some terrible things that are actually counterproductive in the long term. You might know some people like that yourself. I certainly do.
Businessspeak of the week: "Shrinking IT budgets"
Shrinking? Since when?
I see these words creeping subtly into marketing documents and news releases without any justification. It seems that everyone and their cat is willing to charge me thousands of dollars for IT spending trend surveys, but here's a quote from one of their synopses:
- ...we suspect that IT executives in end-user organizations prefer
the more measured growth in IT spending that today's economic conditions
Ooh. "More measured growth." I don't think that counts as shrinking.
A note on liars
Aha, social skills! No wonder geeks are unusually honest!