Dossy's Blog

OK, I don’t know how I possibly missed this, but last month Computer Associates has released its Ingres r3 database product as open source software!

Now, I’ve been using MySQL for many years, and have been recently considering using PostgreSQL in order to get features that MySQL is still lacking (views, stored procedures, etc.) — but now, I can use Ingres instead!

You can download Ingres r3 today! (Requires free site registration.) The current source tarball is ~76MB. I’ll be downloading it tonight … expect to see an AOLserver nsingres module soon.

I don’t know if you can tell … but damn, I’m excited …

Kelly Burgener wrote an article for Speak Up, a discussion blog for graphic designers, titled Pornography Perils. I couldn’t resist the urge to leave a comment, which I’m going to repeat here as well:

“an industry of extreme manipulation, coercion, profiteering, and addiction”

Sounds like the Advertising and Mass-media industries, which designers hone their skills to participate in.

Frankly, the business of sex (which includes pornography) has always driven the economy. To try and undermine it is like cutting off your nose to spite your face.

“Like most designers, I believe that graphic design can be a powerful tool against ignorance, exploitation, and manipulation.”

You want to help change the world? Spend your effors to counter the products and by-products of the mass media. The hate, ignorance, manipulation and fear it promotes.

Only then, will our largely ignorant, fearsome and manipulated population not feel the need to turn to the sex business for comfort, solace, entertainment and escape.

David S. Miller, a world-reknowned Linux kernel hacker, key contributor to the sparclinux/sparc64 port, and all-around nice guy, wrote to debian-sparc a great message that starts:

You can laugh and call it Wintendo all you want, but even the I/O performance of modern x86 (and Opteron) systems blows Sparc away.

Later on, he writes:

[...] If I’m setting up a high end web server,
I don’t think I’d be using Sparc thanks

If I wanted a fast machine with good cpu performance and a fast disk
and networking, I’d get a 3+ Ghz Xeon or an Opteron with PCI-X or
perferably PCI Express. [...]

Read the whole message to get a good explanation of why he feels this way and the numbers behind his assertions.

Okay, I’ve gone and implemented some ghetto user registration functionality and hooked it up to the blog’s comment submission code, so you can leave comments on the blog again!

If you run into any kinks or errors, well, please let me know by sending me email. Thanks!

Back on August 7th, Nathaniel Haggard reports a problem with nsopenssl where it repeatedly sends a bunch of stuff into the server log. Janine Sisk confirms that she is also seeing the same thing. However, neither were really able to put a finger on why it was happening or how to reproduce it, so I couldn’t really do much about it at the time. On August 12th, I identified one issue with the sample config. that ships with nsopenssl having to do with “SSLv2″ being omitted from the “protocols” list but being (incorrectly) included in the “ciphersuite” list which would result in the server crashing when SSL clients attempt a SSLv2 connection. But, this wasn’t the root cause of the problem.

Then, almost a week later on August 18th, Bruno Mattarollo brought up the issue again, but this time was different. Bruno indicated that he was able to reproduce the problem fairly reliably! He said,

What I did, that
triggered the error was click on a link and immediately click on
another link without giving the server time to actually return the
page, so I guess what’s happening is that there is no socket for
nsopenssl to send the results to … right?

Bruno and I spent the next few days trying to diagnose the problem — he even blogged about it. Along the way, I found some other unrelated issues which I logged at SourceForge in Bug #1012892 along with patches against AOLserver 4.0.8a and 4.1.0a that address them. However, continuing to try and get at the root cause of our nsopenssl issue, I realized that fixing the problem would not be a trivial change. The nsopenssl code needed some serious clean-up — I was having a hard time getting a grasp of what it was doing (or, more importantly, what it wasn’t doing).

So, today, I sat down and began to clean up the nsopenssl code. After several cigarettes and some head-scratching, I got the code to a state where I could really start tracing it in the debugger and see what was happening. And, what I found was that when the remote client abruptly terminates the SSL connection, the server notices (because SSL_write() fails) but because the browser requested an HTTP Keep-Alive connection, the server returns the connection to the pool to read the next HTTP request. When it goes to read, it fails on SSL_read() (because there’s no peer connected) and so begins the error loop. I managed to clean up the code and ensure that when an error occurs, we mark the SSL connection as “shut down” so the driver knows not to use it for Keep-Alive and thus will properly close the connection. I announced the fix at 4:13 PM today, and around 9:01 PM, Bruno logged in, applied the patch to nsopenssl, tested and verified that he can no longer reproduce the problem!

I’m going to wait a few days for others to apply and test the patch, then I’ll commit the patches in Bug #1012892 to CVS. Noah Robin asked if a similar fix could be backported to nsopenssl 2.x which I said could be possible if folks verify the fix to nsopenssl 3.0 to be complete, that I would look into backporting the fix.

Overall, I’m hoping this makes nsopenssl 3.0 beta stable enough for us to consider the upcoming nsopenssl 3.0 beta 22 a release candidate. We’ll see …