The blog of Karl Majer…

So I’ve had an iPad for a week now. I’m one of those that pre-ordered the device shortly after they were available on the Apple store. I thought I’d take a moment and jot down my thoughts on the device in no particular order.

Context is everything with this device. If you were hoping to replace a laptop or skip out on getting that netbook by buying an iPad, I’m afraid you’re in for a rude awakening. I have gotten in the habit of reading technical manuals on my laptop prior to going to bed at night. I wanted to simplify things and purchase something smaller and lighter to let me continue my light reading in the evenings. I contemplated buying a Kindle at first, but decided to hold off after Apple first made mention of their device.

With that point of view in mind, the device has been quite successful in meeting, if not exceeding, my expectations. I have iBooks, Kindle for iPad, and GoodReader for iPad installed on the iPad and between the three applications, there is little I cannot read. I do wish that the iTunes Bookstore carried technical books, but I can always pull down the kindle versions of those, or buy pdf versions and view them in GoodReader.

Just a quick kudos to the GoodReader guys. The app offers almost a dozen different ways to get data into it from your iPad. When I first tried it, I was having issues with the iTunes integrated sync, but then realized that the app has an integrated webserver that can be connected to as a network folder (I’m on a mac) and then it was literally just drag and drop. I’ve also have yet to find a pdf that it can’t open and read. Well done guys.

So, using the iPad as an ebook works splendidly. The screen doesn’t require ambient light like the kindle does, and the controls on the various readers let you adjust the brightness/contrast as needed. I’ve already chewed through a few books in my nightly habit of reading for at least an hour.

As to the bonuses, the iPad is just the right size to comfortably lay in bed and watch content from iTunes U. Some of the Stanford lectures are outstanding and are free as an added bonus. I have also found its just the right size to keep up with my RSS feeds that I tend to consume as well. And when I feel like relaxing, the free Netflix client (account required) streams a decent selection of movies right to me.

There are a few downsides. The iWorks suite that can be purchased is tolerable at best on the virtual keyboard. I’m used to Excel and so caught a double whammy with the mind shift to how Numbers does things, and not having a full keyboard for data entry. Keynote was actually the best of the three, I was able to throw together a quick presentation without too much effort, and Pages works fine for a quick note, but I wouldn’t want to try and take notes in a class or a meeting on the device. I can almost touch type on the virtual keyboard until I hit a need for a special character. Then you’re flipping to another keyboard screen to get access to those. They should really move the apostrophe to the first keyboard.

So as I said, based on what I intended to use the device for, the iPad exceeds my expectations. I know there are other people whining about not being able to code on it, and/or it still being limited because its running iPhoneOS instead of MacOSX (which would have absolutely rocked), but frankly, at the end of the day I’d rather read a book than stare at more code.

>>> Karl

Just a quick post to save others some time and a little pain:

OSX 10.6.2 + SCR3110 CAC reader + new GX4 CAC card == No love on OSX. Keychain sees the card as empty.

However, 10.6.2 + VMWare + win7-64 + reader + CAC card + IE works just fine without any of the add-on software used on XP. You’ll need to pass the reader through to the VM by clicking on the little USB icons in the bottom right.

On another note, a Verisign EAC Certificate loaded in your keychain will cause codesign to hang for 8-10 minutes while it asks oscpd to validate the cert. This also happens when you use Keychain Access to go try and figure out why its taking so long to sign things. Work around it by either dropping your network when you need to sign things, or more permanently, drop your network and then use Keychain Access to remove the cert altogether. Save yourself the pain and load the EAC cert directly into firefox and use that browser to access the EAC enabled sites.

And finally, if you have the reader plugged in with a card in it and try to sign an iPhone application you will probably get the error: CSSMERR_DL_MISSING_VALUE. Keychain Access on 10.6.2 recognizes the reader and if the card is plugged in, Keychain Access seems to want to try and use it for signing. Take the card out of the reader and try again.

>>> Karl

At a customer site I’ve had both the pleasure and pain of working with cfengine as a means to control the environment from a single touchpoint. The client decided to save the precious little time they had and to use readily available packages for the software instead of building the software from scratch. This resulted in mixed versions between the RedHat and Solaris machines with RedHat running the 2.2.x series code and Solaris on 2.1.x. What followed over the months were several exercises in frustration.
Cfengine was picked after an evaluation showed that it was capable of updating system files across machines and pushing files from the repository to the individual hosts. With the proof of concept working and with high hopes from the functionality referred to in the documentation, cfengine was rolled onto the network.
The first task was relatively straightforward; insure that the staff member’s logins were always present in the sudoers file. The site was using several group aliases to define various sudoers functions, which leaded to order dependencies in the file. The solution found was to delete all of the aliases and groups definitions and re-add them each pass. This was found to work until it was realized that this would happen from cron every 15 minutes. Not quite what was hoped for. The configuration was ultimately altered to explicitly look for a lack of team members before beginning any of the updates.
The next task was to distribute a dozen or so files from the central repository to all 250 or so machines. This worked almost perfectly and required only a bit of tuning on the MaxConnections, MaxCfengins, and Splay time directives. The current challenge with this task now is to ensure that all of the installed machines do the pull on an update as it seems that occasionally some small percentage of them, typically Solaris, refuse to pull the files without some manual cfrun intervention.
An Editfiles directive is provided to allow the editing of arbitrary files. Using this for the next task, editing the crontab on linux was straightforward and linux cron noticed the change immediately. On solaris this was not the case. Editing the files was the easy part. After editing the file the cron daemon needs to be made aware of the change, and so either the process needs to be restarted or the crontab command needs to be used to reread the file. Unfortunately, the Process directive proved to be little use on the older cfengine and the Shell directive was used to write custom inline shell scripts to handle the stopping and starting of cron.
The most recent change to the network involved manipulating the fstab on both OSes, removing an NFS mount, and then changing the former mount point from a directory to a symlink. There is an Unmount directive that would have worked beautifully had it worked on both OSes. It worked fine with Linux, unmounting the FS and deleting the entry and directory for us. Sadly, on Solaris it did nothing. To promote overall consistency it was opted to do manipulations on both operating systems in the same manner. An Editfiles stanza was used to manipulate the (v)fstabs, while a long chain of shell commands to ensure that the filesystem was unmounted, the fstabs were edited, and the symlink was created. Each component set a success or failure flag to enable the script to proceed to the next step or fail and alert as the case may be. This is probably the most complex script used at the customer site.
I’m unable to say for certain how much of the pain with the software is caused by the mixed versions being used on the network. It could be that if there was time to build and upgrade the software across the machines to the same version that the problems would magically disappear. It could also be that while powerful and seemingly capable, cfengine does things in a slightly different manner than a sysadmin, making the would-be cfengine administrator configuring it have to double check everything they write. (An example of this is the symlink directive which uses target->source whereas the ln command uses source->target.) Documentation and error reporting for the product was also a challenge, especially with the mixed version. The version specific source was often referred to understand what an error means or to determine why a specific section of code was being ignored. Cfengine will remain in place at the customer site for the foreseeable future, as despite its issues it is still better than touching each machine individually. Only time will tell if a complete upgrade to a consistent version will remove some of the pain or if this is simply the way of cfengine.