One-Time-Passwords for XMPP/Jabber?

I search a way to use one-time-passwords for jabber/XMPP (ejab­berd) on FreeB­SD. I do not want to use PAM (local users on the machine). Cur­rent­ly I use the inter­nal authen­ti­ca­tion, and I expect that not all users of the jab­ber serv­er will use OTP if avail­able, so the prob­lem case is not that easy (migrat­ing exist­ing users to a new solu­tion can be done by chang­ing the pass­word myself and then telling them to change their pass­word, but there needs to be a way to let them change the non-OTP password).

I assume that OTP is not fore­seen in the XMPP pro­to­col, so where could I ask to have some­thing like that con­sid­ered as an exten­sion (if such a place exists at all)?

Oh, yes, send­ing the pass­words over SSL is not an option (that is already the only way to login there). The goals are to have

  • an easy to remem­ber pass­word for an OTP app on the mobile to gen­er­ate the real password
  • the pass­word expire fast, so that a stolen pass­word does not cause much harm
  • not the same login-password for dif­fer­ent ser­vices (mail-pw != jabber-pw != user-pw)

ARC (adap­tive replace­ment cache) explained

At work we have the sit­u­a­tion of a slow appli­ca­tion. The ven­dor of the cus­tom appli­ca­tion insists that the ZFS (Solaris 10u8) and the Ora­cle DB are bad­ly tuned for the appli­ca­tion. Part of their tun­ing is to lim­it the ARC to 1 GB (our max size is 24 GB on this machine). One prob­lem we see is that there are many write oper­a­tions (round­ed val­ues: 1k ops for up to 100 MB) and the DB is com­plain­ing that the log­writer is not able to write out the data fast enough. At the same time our data­base admins see a lot of com­mits and/or roll­backs so that the archive log grows very fast to 1.5 GB. The fun­ny thing is… the per­for­mance tests are sup­posed to only cov­er SELECTs and small UPDATEs.

I pro­posed to reduce the zfs_txg_timeout from the default val­ue of 30 to some sec­onds (and as no reboot is need­ed like for the max arc size, this can be done fast instead of wait­ing some min­utes for the boot-checks of the M5000). The first try was to reduce it to 5 sec­onds and it improved the sit­u­a­tion. The DB still com­plained about not being able to write out the logs fast enough, but it did not do it as often as before. To make the ven­dor hap­py we reduced the max arc size and test­ed again. First we have not seen any com­plains from the DB any­more, which looked strange to me because my under­stand­ing of the ARC (and the descrip­tion of the ZFS Evil Tun­ing Guide regard­ing the max size set­ting) sug­gest that this should not show this behav­ior we have seen, but the machine was also reboot­ed for this, so there could also be anoth­er explanation.

Luck­i­ly we found out that our test­ing infra­struc­ture had a prob­lem so that only a frac­tion of the per­for­mance test was per­formed. This morn­ing the peo­ple respon­si­ble for that made some changes and now the DB is com­plain­ing again.

This is what I expect­ed. To make sure I ful­ly under­stand the ARC, I had a look at the the­o­ry behind it at the IBM research cen­ter (update: PDF link). There are some papers which explain how to extend a cache which uses the LRU replace­ment pol­i­cy with some lines of code to an ARC. It looks like it would be an improve­ment to have a look at which places in FreeB­SD a LRU pol­i­cy is used to test if an ARC would improve the cache hit rate. From read­ing the paper it looks like there are a lot of places where this should be the case. The authors also pro­vide two adap­tive exten­sions to the CLOCK algo­rithm (used in var­i­ous OS in the VM sub­sys­tem) which indi­cate that such an approach could be ben­e­fi­cial for a VM sys­tem. I already con­tact­ed Alan (the FreeB­SD one) and asked if he knows about it and if it could be ben­e­fi­cial for FreeBSD.

Silenc­ing a hair dry­er (and oth­er house­hold stuff)?

My wife used a hair dry­er this morn­ing. Nor­mal­ly this is noth­ing worth to blog about, but after a night with not so much sleep (my child is get­ting sev­er­al new teeth at once and I took care about it this night) the sound of the hair dry­er was a bit annoy­ing, even if I was already prepar­ing me to go to work too.

At this point I sud­den­ly noticed, that I can not remem­ber to have seen a com­mer­cial of a hair dry­er where a low noise sound pres­sure lev­el is one of the impor­tant fea­tures. I also can not remem­ber that some­one things that this shall be changed. This is strange.

There is a lot of move­ment to make cars more silent. There is a lot of move­ment to lim­it the sound pres­sure lev­el of portable music play­ers (those where the music is con­sumed the most with head­phones). There are rules about the sound pres­sure lev­el at work. There are com­mer­cials which focus on the lack of loud noise from the dish­wash­er or the wash­ing machine, but I can not remem­ber to have seen putting the noise lev­el of a hair dry­er, a mix­er, a vac­u­um or some­thing sim­i­lar as a major fea­ture against a com­pe­ti­tion into a commercial.

When we are a bit late to go to work, my wife is some­times using the air con­di­tion­ing of the car as a hair dry­er (we dri­ve togeth­er, so no dan­ger on the road), and this is pro­duc­ing enough air­flow to dry the hairs while still not being as loud as a hair dry­er. Yes, the air­flow gen­er­ates some noise which you can not pre­vent, and the fans are more far away from the ear than it is the case with a hair dry­er (and it is not a low-class car), but if I look at the noise lev­el of qui­et fans in a PC, I am sure that it is pos­si­ble to cut the noise pres­sure lev­el of a hair dry­er. No high-frequent noise from the motor of the fan and a blade and case design which pro­vides a good air­flow while reduc­ing airflow-noise is possible.

As a hair dry­er is a device which is not far away from ears, I am sur­prised that there is not more inter­est (at least in var­i­ous tech­ni­cal standards-compliance def­i­n­i­tions and tests required by the gov­ern­ment) in this. Spe­cial­ly kids seem to agree that it is too loud.

Sim­i­lar for a vacuum.

And while we are at it, my moth­er is known to bake good cakes, she is bak­ing at least one cake per week and if there is some fes­tiv­i­ty (fam­i­ly, friends, neigh­bors) she is even bak­ing 5 – 6 cakes in a week. As such she is not using a cheap mix­er, she is using a qual­i­ty prod­uct with a sta­ble stand. Still, this device is mak­ing a lot of noise. A part of the noise is gen­er­at­ed by the motor (high fre­quen­cy, depends upon the speed of the mix­er) and if you real­ly want to speak about some­thing, you bet­ter go out of the kitchen.

I know, devices with a reduced noise lev­el a more expen­sive to cre­ate and build, but I can not real­ly believe that nobody would we will­ing to spend mon­ey for such a device. So, if you know a mar­ket­ing per­son of a man­u­fac­tur­er of such devices, please have a talk about a nice “our prod­uct is bet­ter than the one of the com­pe­ti­tion because it is more silent”-campaign with him/her.

No good heat reser­voir available?

I was search­ing for a good heat reser­voir. Unfor­tu­nate­ly it seems that all on the marked are far from state of the art (they are prob­a­bly in their class, but see below).

Most of the devices use water to store the ener­gy. I found one (in Europe/Germany) which is using phase change tech­nol­o­gy instead of water to store more heat in the same stor­age place (but you need to ask how much it costs and how long they need to deliv­er, which prob­a­bly means that it is a lot more expen­sive (part­ly due to lim­it­ed amount of pro­duc­tion quan­ti­ty) than water based heat reser­voirs). I have read a lot about phase change mate­ri­als (PCM), and it seems there are dif­fer­ent kinds of sil­i­ca or wax (or oth­er mate­ri­als) which are bet­ter suit­ed to store heat ener­gy, but the only mass-market tech­nol­o­gy seems to be water based ones.

This looks strange to me. When I look at his­to­ry, oth­er mate­ri­als than water where already used a lot in the past (e.g. stones where heat­ed and then they were used in a press­ing iron or as some­thing which is replaced now by a hot-water bot­tle or an elec­tri­cal heat­ing cush­ion in the bed; yes, all this does not involve a change in the phys­i­cal state of the mate­r­i­al, but the point is that oth­er mate­ri­als than water where already used in the past), so I do not under­stand what is pre­vent­ing to let PCM based heat reser­voirs going mainstream.

Except for choos­ing the right PCM and obtain­ing it, it does not look hard to build such a heat reser­voir. You can add a heat-exchanger in the bot­tom and feed solar-power there for long-term heat­ing the PCM, anoth­er heat-exchanger at the top to heat the use-water and/or heating-water from the heat stored in the PCM, and a 3rd heat-exchanger (placed at the top too) which you con­nect to your central-heating if you need a lit­tle bit of quick short-term heat­ing of the PCM. I do not know if you need to add some  heat-layers (e.g. by putting a big cheat of a non-PCM mate­r­i­al between the long-term heat­ing part and the short-term heat­ing part), but  it should be easy to test if some­thing like this is ben­e­fi­cial or not. If you have a fire­place which you want to con­nect to the long-term heat­ing of the PCM, it may also be ben­e­fi­cial to have a 4th heat-exchanger togeth­er with the solar-one, but maybe there is anoth­er solu­tion to do this with the 3‑heat-exchangers-setup (I have not inves­ti­gat­ed this pos­si­bil­i­ty at all).

If some­one knows some inter­est­ing prod­ucts in Europe or has some help­ful infor­ma­tion (any­thing which can be inte­grat­ed into exist­ing heat­ing sys­tems with­out much ren­o­va­tion of a lot of rooms), please write a comment.

Mul­ti­me­dia opti­mized net­work card

I am tired of bad net­work cards on main­boards. Can someome who knows a mar­ket­ing guy of a main­board man­u­fac­tur­er please please tell them to inte­grate a good net­work card (Intel ones comes to my mind, but oth­er non-RealTec ones are not bad either… if an Intel one is not pos­si­ble at all)? They just need to sell those main­boards as gam­ing and/or mul­ti­me­dia optimized:

  • a good net­work card trans­fers more data per sec­ond (even while the CPU is used much)
  • a good net­work card does not take much CPU (good DMA engine and some IP-stuff-in-hardware features)

Sim­i­lar things can be told about good/bad SATA con­trollers and USB con­trollers. If done right, they affect the sys­tem less and/or per­form bet­ter than not so good parts.

Yes, most of this does not affect gam­ing in a sig­nif­i­cant way, but a lot of oth­er hard­ware gamers buy does not affect the gam­ing significantly.

The point is, that they are will­ing to give more mon­ey to get some­thing bet­ter. So please, give them the pos­si­bil­i­ty to pay a lit­tle bit more for good qual­i­ty so that good stuff will go mainstream.

And do not under­es­ti­mate the pow­er of mouth-to-mouth mar­ket­ing. If you pro­duce some­thing bet­ter than oth­er com­pa­nies for a fair price (no need to play the we-are-the-cheapest game, just take care to not be the most expen­sive one), it will be bought.

BTW: This is sim­i­lar to the mar­ket­ing with good capac­i­tors, just on an IT instead of an elec­tri­cal level.