Ubuntu Console Locking Up

While I keep going back to Linux as my primary workstation operating system, all is not always rosy in Linux Land. Case in point; when I returned to work, my workstation's console was locked up.

I've been having that happen to me over the weekends for reasons I haven't figured out; the console is simply completely locked when I get into the office in the morning. Keyboard is dead. Display is frozen.

Hasn't happened on my home system, so I wonder if it's the graphics card...the system at work is an Intel chipset, and I recall there are some rumblings about it being crappy. The weird part is that I can secure shell into the computer and kill GDM in order to regain control of the computer. It kills my logged in session but at least I don't have to reboot. Indeed, I have no idea how long the system was locked up since I've been using the computer remotely using a VPN and secure shell without any indication that there was a problem.

These little quirks and annoyances are usually just that; minor annoyances. But they detract from the user experience. Get enough minor annoyances and soon the user begins to see a minor annoyance as a major annoyance. Then they get disgruntled, and worse, they start to spread the word about how crappy these "non-standard" Windows alternatives are.

I recently upgraded the system to Jaunty Jackalope, 9.04. I'm hoping that'll cure that lockup quirk; few more days and I'll find out...

Windows Consistency Sucks...AD Edition

Microsoft Windows has gained a well-deserved reputation for sucking wind. I encounter new reasons usually about once a week or so.

Microsoft realized that to make more headway into the enterprise (business, not starships) it had to beef up its offerings, so they did what they usually do. They looked at the guy already in the lead and copied them, added a couple tweaks, and touted it as their own better-than-sliced-bread feature.

At the time this meant they were staring at Novell's behind with their NDS tools (Novell Directory Services), later called eDirectory. Microsoft cloned much of the functionality and called it Active Directory, then proceeded to integrate it into Windows.

Now for the fun part. I don't trust it. Here's a quick reason why.

Windows XP integrated a software firewall. Basically it prevented connections to your computer when it's activated unless you set up rules allowing said software to connect, thus limiting the ability for other programs to infect you through network scans. This post is about irritations with Active Directory, so I won't get into why their firewall software sucks just yet.

Where I work we are using a freeware utility called VNC to remotely assist users when they have problems; we are a small department supporting hundreds of computer and simply cannot be everywhere at once. VNC lets you connect and view the user's desktop; they call saying there's an odd error on their screen, we can connect and see it just as they're seeing it instead of trying to decipher their sometimes creative descriptions of what is going on.

Except when the firewall is on.

Since we're a Microsoft shop, the solution, from many an MSCE with a smirk on their faces (MSCE's are people who pay big bucks to pass Microsoft-biased tests so they get a certificate saying they're certified to answer your questions about Windows and other Microsoft products, really oversimplifying and probably offending some of them out there), is to simply add into your policies...rules that govern the behavior of good Active Directory citizens (i.e., Windows clients) on your network.

Fine. We set up a rule in the default policies saying to turn off the software firewall. Don't get your panties in a wad just yet, sysadmins who know better! I fully realize this is semi-insecure and not best practices. This is not to justify why we did it. The sharp point of the rant is approaching!

About ninety-five percent of the time this works. Boot the computer, the firewall is off. The other five percent of the time, the computer reboots, and voila! We're locked out!

That's right. Active Directory policies, supposedly refreshed at boot and randomly at other times later, sometimes and seemingly without rhyme or reason will lock me out of the remote, twenty-mile-away computer because it decided to activate the firewall!

Best of all because we have certain software running that can only switch modes with a password and a reboot to unlock certain functionality in the computer, the reboot will occur putting the computer into a compromised state just as the firewall pops up, meaning I can't get in to reset the system back the way it was!

Why? Who knows!

We had another policy many moons ago that was telling the computer to hide certain drives from the user that they didn't need access to. This was fine and dandy, except when you ran the old fileman utility from Windows 3.1 or a third-party freeware utility for managing files...the programs showed all the drives. Huh?

After some experimentation it appeared that the Active Directory policy that hides drives was actually a setting for Explorer, the shell program that you interact with in Windows to allow you to launch programs and navigate through Windows.

In other words, the setting to hide system drives in Active Directory was only effective against one program in Windows. Other programs could still work around it. Basically what I would have thought at first glance was a setting to tell Windows to hide access to certain drives was actually telling a particular component of Windows to hide the drives.

No doubt that careful reading would have explained that this was the expected behavior, but I never saw any warning to the administrator that this could be worked around so easily, that it wasn't a system-level lockout but rather something that could be worked around with a two-minute download of freeware.

Another reason I don't trust Active Directory. I got burned by a setting that looked like it was taking a step in the direction of locking out access to the system, in reality it was just telling one part of Windows to hide it. Second, the policies don't always "take," so when I take the time to configure a system to behave in a certain way there's no guarantee that it will, just that it probably will work. Sometimes "probably" just isn't good enough.

Eye Candy

Quick note on a blog with some very interesting notes on how people react to eye candy. Check it out at "A List Apart".

When I was much younger I strongly disliked the Macintosh running MacOS. From the technical viewpoint, it was horrible...the multitasking model was horrible, the memory management was horrible...all it really had was a WYSIWYG (What You See Is What You Get...it used graphics at a time when the average computer used text commands to work and Windows was just beginning to catch on) interface that appealed to non-technical people.

I stand by my arguments from back in the day. I was later validated when Apple ended up throwing MacOS out altogether and adopting the UNIX-based OS X. If you needed something a little more rock-solid and reliable, the MacOS Macintosh wasn't the platform to use.

This article has some interesting points, however, on how design affects us psychologically. My view has always been (in the case of technology) that once the basics are met...fix the memory management, fix the security, fix the multitasking model, etc...eye candy and ease of use are differentiating factors. After all, a Ferrari isn't useful if you can't start it!

Operating System of Choice

I have long despised Windows. I have to support it at my day job and in supporting it have grown to despise it. The lock-ups, the weird behaviours, the overwhelming amount of evidence that it has had feature after feature bolted on to it instead of having been engineered for security and multiuser capabilities, the number of malware programs that take full advantage of Windows users...it drives me nuts.

Many years ago I started using Linux. I found it to be flexible and far more stable than Windows ever was. It had great features while at the same time none of the licensing bull artificially limiting the operating system that Windows had; for example, Windows NT Server is basically Windows NT Workstation with some registry hacks in place to cripple it. You were even limited to a certain number of client connections to the operating system because you didn't pay a few extra hundred dollars. With Linux I could run a web server with as many connections as I wanted, no licensing limitations.

Today my main workstation is running Linux and my workstation where I'm employed is running Linux but my employer-supplied notebook computer is a MacBook, so I get to play with Apple's OS X as well now. This has influenced some of my opinions on the current state of operating systems.

Linux is still a strong contender but I run into a few shortcomings that are significantly annoying. Case in point; my webcams. There was a kernel update in the Ubuntu repos where after updating, my web cam no longer worked properly. I later found out that some applications will work with the webcams, while others don't. Searching for a solution...something that seems to be common in using Linux...yielded no solution other than running what is now a kernel several releases old.

And so far there doesn't seem to be any work being done to get these cams working again. Since it works with some applications and not others the consensus seemed to be that part of the interface to the drivers that interact with the kernel has been changed...so of course blame is shifted to the developer that used a library that no longer works.

Huh? Basically, no one takes the blame, and no one seems to be working on fixing it, and even if they were there's no one to really ask about it or get updates on the situation.

I have issues with the computer working with sound properly. Sometimes it just disappears. I end up having to restart the pulseaudio server on the system (most people probably just restart the computer).

The fact that I have freedom in configuring and using my Linux system is where a lot of its power comes from; at the same time, the fact that I can use an image capture program to get motion captures from the my webcams but can't use a live viewer of what my webcams are viewing or use Skype on Linux to view anything but a garbled green video image is very frustrating.

Then there's the Mac. The Mac is nicer in that most of what I have will just work. I can usually get work done on it. When I have to go through and restart a rogue PulseAudio process I end up thinking that the next time I am looking at a new computer I may very well get a Mac.

But I know I have issues with the Mac as well.

For example, when I secure shell from the Mac into my Linux system, it seems to take forever to connect. From what I can find it has something to do with DNS lookups, but I'm not sure because even after trying to change some settings in the configuration file it still takes forever to connect.

Another problem is that OS X doesn't have any of the neat features inherent in X Windows. For all the issues with X, one of the greatest features I use is to remotely run programs so that the display appears on the computer I'm sitting at, but the drive, resources, processor, etc. are all on the remote computer. This means that if I have Thunderbird set up on my desktop computer with all my filtering rules and preferences then I can run it on a remote computer without redoing all my preferences and filters. It also means that if the computer I'm on is slow or low powered while my desktop has plenty of processor speed and memory to spare then my mail program can be run on the weak system with the only bottleneck being the network connection.

OS X can't do this. It can run an X server as an application so I can launch programs on my remote computer from the MacBook, but I can't launch applications on the Mac so the display comes up on my Linux computer. Note that this is different than remote control software like VNC; those programs show your desktop and let you see the desktop as if you were remotely using that desktop. When you're bringing up a window of your files in a window or reading your email through that then someone else in the room, who you may not see since you're somewhere else, can be sitting there reading your email along with you. Forwarding X doesn't do that.

There's also an issue where things on the Mac either work well or don't work at all. I just plugged one of my webcams into the MacBook; nothing happened. The MacBook wants to run an iSight or it won't work at all without a special third-party driver.

The last big issue I have is with Apple Support. Apple support is great; quick turnaround, relatively easy to work through...the problem is that if I have to call them it's probably because the hardware has a problem. There's no easy way to get new parts without sending the computer away and I really really really do not like sending my personal data to a company where you don't know what is going on behind the employees-only door. While I don't think they're stealing my data or going through information I still have that hesitation in not knowing for sure unless I encrypt everything first. It's the same feeling I have to shove aside in going to a fast food joint. Hear the rumors of people spitting in the food or doing other nefarious things to your burger because you looked at the fry cook in a way they took offense to? It's always in the back of my mind, and I don't like having my tax information, documents, personal images, etc. being sent off to another company to trust that they won't dig through my data.

The Linux system on the other hand can be pretty easy to get parts for since it's a PC with generic parts. The Apple system I can try getting parts and void my warranty coverage if I replace my hard disk or some other part. Very annoying.

The musings here can be summarized as this: I hate Windows. I really like Linux but am running into some limitations that are starting to wear on my nerves. The Mac is very nice and is a strong contender...for the home user I don't hesitate to recommend a Mac, having converted my wife and mother to MacBooks...but even the Mac has some issues that if I switched over I'd have to find a way to work around the problems.

It shouldn't be a problem until the time comes when I have a few spare thousand dollars to spend on a new configuration for my workstation. But it never helps to think about what I'd do differently next time around.

iChat AV Communication Error

As I mentioned before my wife is on a trip until Sunday. Her schedule finally permitted her an early morning break...seven to eight AM, if that can be considered early...to try to chat and say hello to me and the kids.

We both have access to MacBooks, so naturally we'd use iChat AV to video chat. I use it quite a bit to chat with my mother when she wants to say hello to her grandson before bedtime. If she can use it to video chat with me then that should say something for how easy to use iChat is for a task like that.

But it wouldn't work.

Every freakin' time we tried, it would give some communication error.

Searching online gives a lot of entries from people stretching back YEARS saying it could be because of your router, because of firewall or quicktime settings, yadda yadda blah blah. You know the only reliable fix?

Use Skype.

I like iChat. But how, after all this time, can they not get video chat working properly?? It's one of their big features...you're supposed to be able to video conference people on a snazzy 3D-like display but apparently if you have some minor glitch in the handshaking that establishes the connection you will get a vague "error" that offers to send the information to Apple who in turn will ignore the issue.

I had this happen when chatting with my mother...it errored out, it errored out, then one day it worked. It's been working since. I didn't change my router. I didn't alter anything on her end. It just decided, "Hey, maybe they really want this to work, let's work this time around," and it did.

My wife is 24 hours away by freeway in a supposedly halfway decent hotel (a Comfort Inn, I'm told) but I'm afraid if it's a vague issue with their router or firewall there's not much that can be done to troubleshoot it.

Quite frankly, why can't the connection tunnel between the two machines an do a direct connection?? Why is this so difficult to get working?

I wanted to use iChat because iChat is relatively simple to use. It's a damn shame Apple can't seem to get around this video error that apparently plagues so many users.

But if you're interested in the fix that involved not screwing with your router or bandwidth allocation to Quicktime or any of that other bulls#@ you shouldn't have to play with, use Skype. It's free to use the chat function, it's multiplatform, and most of all, we managed to get a video connection up and running within ten minutes while really ticked off at running into the video error issue for the umpteenth time.

I love the Mac. I love it for home users. I don't hesitate to recommend it for non-gamers out there who just want to get their work done, especially for people who want to edit home movies or just browse the web and read email. But Apple really has a couple issues where I think their programmers suffer from a cranial-rectal inversion, and the inability to voice/video chat reliably from iChat is one of them.