For my evaluation this year, I was asked to perform a self evaluation, a reflection of the lessons learned from the last year.  Sometimes I think that an exercise such as this would have been easier if I had kept a journal or had been more open and honest on my work blog.  With that in mind, I am posting it for what it is.... maybe by writing down my lessons, I won't forget them, or perhaps they may be of some use to others.

 
Lessons Learned at APU during 2004/2005 

I think most of the lessons that I have learned in the last year have had to do with things that were necessary to learn about myself.  It is apparent that this better understanding of the way in which I am motivated, the times in which I am successful and those which I am not, is necessary in order to be effective in my unique position at APU.

JSR-168 is a portlet standard that allows any compliant portal to make use of these mini-applications. The potential for providing a mix of applications produced external to an organization, yet consumed internally is great.

There are many companies providing such services in a-la-carte ASP fashion, I thought it would be good to start collecting resources for free portlets. As uPortal is JSR-168 compliant it is likely that we will be consuming such portlets in the future for our University Portal.

• Gems - A Collection small JSR-168 compliant Portlets
• http://community.java.net/portlet/
• http://www.jsr168.org/
• http://portlets.blogspot.com/

I had suspected for a while that Blizzard's hugely successful MMORPG, World of Warcraft used JA-SIG/Yale CAS. As a WoW gamer myself, I had noticed the familiar service ticket string in the url when logging into the forums etc.

Well I finally found more confirmation, a Tomcat stack trace is included on this CAS in the wild!, yale blog post.

Talk about scalability.

update: oops, had a bad link to the blog

In Firefox, I have been storing urls to interesting things in a "to blog" folder on my bookmark bar. The hope is always, this would be good to analyze and post about later, but I don't have the time right now. The truth is, they rarely get revisited. So in the interest of sharing, and putting stuff in place more accessible, I will start quick linking.

Found some good Identity Management related resources. Digital ID World online and in print magazine. Interesting Digital Identity Predictions for 2004, in which are mentioned The Laws of Identity, an ongoing discussion to develop the nature of identity in light of desired federation and interoperability. These discussions resulting in the realization of said laws, was initated by Kim Cameron. Which as Doc Searl pointed out, is interesting because Kim Cameron is in charge of Microsoft's Identity Strategy. A good thing that there is a turn from a monolithic identity infrastructure, previously posed by Microsoft, to one that is distributed and diverse, as stated in the Fifth Law of Identity.

In article on Digital ID World, The Great Directory Heresy, Dave Nesbitt asks whether the rising notion that you can throw more metadirectories or suites and federations at bad data end up with a great enterprise directory is heresy. Its like putting lipstick on a pig he says.

Its a great question. Do you cleanse the data you have? Do you make sure you have the perfect directory structure? Or do you forge forward with policy and business logic to populate and push data out to where it needs to go with what you've already got? Will it lead to chaos? Or, as some suggest, is the IdM an interative process, where the idea is more important than one implementation? I do know that its quite easy to end up doing nothing, waiting for the perfect thing.

Clever slogan in the title of a recent article, Authentication - The Power of Who from Campus-Technology Magazine.

Identity Management is all about an organization knowing who its constituents are. I thought the article was a bit random, and incorrectly labeled as all about "athentication" since authorization and provisioning topics are covered. However, it is a good overview of several of the approaches that schools are taking to meet the opportunity. So from a case study perspective its worth a read...

I just ran emerge update world which switched me from Xfree86 to Xorg. Went fairly smooth, except that some fonts weren't anti-aliased afterward. I followed the instructions in Howto Xorg and Fonts which seemed to do the trick. Primarily:

emerge freetype corefonts freefonts artwiz-fonts sharefonts \
  terminus-font ttf-bitstream-vera unifont

I did end up porting my XF86Config to the new xorg.conf based on xorg.conf.example, You can get it here. (however the only real change was the inclusion of more font paths, so it was mostly academic). Still if you have an IBM R40 with the ATI Radeon 7500 and a 1400x1050 display, and want the built in trackpoint to work simultaneous with a standard logitech usb wheelmouse, then the xorg.conf should work well for you.

It appears that keyboard repeat rate is slow, on first start I was asked whether to use X's keyboard startup or Gnomes. I chose Gnome's, so perhaps I just need to tweak settings. I decreased the delay between repeat, and increased the repeat rate to fastest, and it appears to help, but it slows down the repeat after about 5 characters.

I have updated this and other information on my Gentoo R40 Wiki page.

About the same time as students came back to campus this year, I noticed that my internet connection speed was extremely slow on my gentoo linux notebook. Some websites wouldn't load, and ftp and http downloads never exceded 5KB/s and often were in a measurement not often seen anymore, bits/s. I thought, I know this is a heavy usage period on campus, but this is rediculous.

Well, after our network administrator reported that utilization was was not maxed on our campus partial ds3, I thought perhaps it was a router issue. I started trying different locations, other hosts on campus did not have this problem. I switched to wired, same problem. When others in the building also running linux, were not having the problem I began to suspect by box. But I get full speed at home? Whats the problem?

I did a dslreports speed test which came out rather bizarre, 3434 kbps up and 36 kbps down. :-? Thats two T1's upload speed and a pre 56K modem download speed folks. To which dslreports stated "Your upload speed is much faster than down.. have you tweaked?"

Since the problem was occuring regardless of interface, I began to suspect my kernel. I rebooted with an older 2.6.7 and whamo, the same file that was downloading at 5K/s completed at 200K/s. After the latest gentoo development-sources linux-2.6.8.1, didn't solve the problem I decided to google and found the answer.

The recent 2.6.8 kernels have enabled TCP Window Scaling by default. Window Scaling has been a technique used by cat burglars and the IETF since 1992, see RFC 1323. Basically, it allows for the dynamic setting of tcp window sizes beyond their early fixed limit of 64K to increase performance on the Internet with modern equipment. So why doesn't it work with Linux? Well the problem is not with Linux at all, other than the fact that they turned it on by default. Apparently many routers and packet firewalls are rewriting the window scaling factor during a transmission, instead of only during the initial handshake (SYN). This means that the sending and receiving side are assuming a different TCP window size. The result of this misnegotiation of protocol, is very slow successful traffic if at all.

This also explains why the problem is visible on some sending and receiving sites, because only devices behind the path of broken routers are affected. For instance, why my notebook worked fine from my house, or why I was able to get to some sites from on campus at full speed. Also apparently some routers are only mangling in one direction, which would explain that crazy speed test above.

The solution? Well, some of the linux developers are hoping that leaving the option enabled will force the issue, so that vendors will fix their routers. As for me, I was able to follow David S. Miller's suggestion to turn off the feature dynamically in the kernel.

The following command will disable the win scaling feature for the running kernel:

sysctl -w net.ipv4.tcp_default_win_scale=0

And the following command will make sure it gets set next reboot:

echo "net.ipv4.tcp_default_win_scale=0" >> /etc/sysctl.conf

In case you hadn't picked up on it, this is not a gentoo specific issue. Redhat fedora users, you might be affected as well, along with any other distribution using the recent stock 2.6.8 kernels. This LWN article is the only press I have seen about the problem. For a more complete discussion of the topic, here's the start of the thread on the Linux Kernel Mailing List. It would be nice if someone had a complete list of affected routers, some have mentioned openbsd and cisco.