There has been a lot of noise of late around a new ‘killer’ feature in Solaris 10 called DTrace. Initially I viewed it with some scepticism, but increasily I’m coming to see the huge step forward this is for Solaris. Linux / UNIX has always had a plethora of debugging tools, available to admins
- strace – trace system calls made by a process
- ltrace – trace library function calls made by a process
- mcheck – trace memory allocations
- sar – monitor system resource instrumentation counters
- ps – list processes
- top – monitor processes
- lsof – list open file handles per process
- tcpdump – monitor network traffic
- gdb – trace program execution
- oprofile – monitor program execution via hardware CPU counters
- iostat – monitor filesystem I/O
- vmstat – monitor VM system operation
…but for any typical debugging task, a combination of one-or-more of these tools is required. Tieing together the datasets generated by each tool is possible (most stats are correlated by process ID), but alot of work for the programmer. When threads come into play correlating the data gets even harder. Another aspect of these tools is that they are intrusive to the operation of program being debugged. While a performance hit is acceptable in some cases, the way ptrace() syscall works on Linux can actually cause the programs to crash or behave in abnormal ways.
Enter DTrace. In a nutshell, DTrace provides a single tool that can monitor any aspect of the system, from across both kernel and userspace, system wide, per process, or somewhere in between. This provides an immediate win by removing the need for manual cross-correlation of data from a disperate set of tools. DTrace runtime defines a standard set of many thousands of probes covering all common system events. A simple C-like programming language (with addition of associative arrays and garbage collection) is provided for collecting and processing data when probes are fired. The language is highly optimized & written with safety as a top priority, such that running probes incurrs no overhead or risk to the system being monitored. This allows admins to be confident of using it to diagnose problems on critical production servers.
Enter Linux. So what can Linux provide to answer to DTrace ? In the event it turns out that there are a number of options available, although none quite as comprehensive as DTrace (yet!):
- KProbes – provides an API for inserting probes at arbitrary machine instructions. When the instruction is hit a callback is invoked to perform any required processing & then control returns to the original instruction. An inserted, but inactive probe is a merely 2 instruction overhead.
- DProbes – is a level higher up, using the KProbes functionality. It provides a simple RPN (Reverse Polish Notation) interpreter for creating probe callbacks, the key being safety and efficiency of the callbacks. At a higher level there is a mini-C language which compiles down to RHN. This is close to but not quite as powerful as D, since it lacks garbage collection & associative arrays.
- LTT – is a general purpose Linux tracing toolkit. It can pull together data from a number of sources. One such source is a simple kernel module defining 40 or so events, another source can be DProbes.
There are a number of other tools available with varying degrees of coverage, but nothing really comes close to the polished-perfection of DTrace. Out of all of them, DProbes is probably the open source tool with the most potential, but even that needs more work:
- Safety. Protection is needed to make it impossible for a probe to crash the program being traced
- Ease-of-use. The mini-C language could do with a few higher level features like garbage collectioon, associative arrays, thread local storage
- Documentation. Never underestimate the importance of through documentation (conversely the difficulty of creating good documentation!)
- Probe library. A large library of pre-defined probe points that with stable API across kernel upgrades.
I for one hope that Linux community (& vendors supporting it) realize the value of a polished tool like DTrace and take prompt steps to close the gap to Solaris. For the interested here are more links
Reading the comments on a recent posting about a free certificate authority came across this point about the limitations of the current use of certificates.
Without CA’s and revocation information, SSL-style (RSA) public key infrastructures are useless. That means every client needs access to recently updated and TRUSTED revocation lists to make sure that no cert’s have been forged or stolen. Every meaningful SSL client should periodically verify that any server certificates it uses are and remain valid. Using the CA’s public key is absolutely NOT sufficient.
…the implementation of the certs is screwy, since basically it means nothing at this point other than the fact that you are communicating over SSL. Basically from a browser standpoint the implementation of certificates is completely worthless since the authentication checking is just not there. The X.509 cert’s were originally designed to completely authenticate that you are talking to the host/person you intended to. Since browsers currently do absolutely nothing but a check vs. the public CA key, basically any cert the CA issued regardless of status (other that those that have expired with time) are complete valid certs. They could have been forged, stolen, or otherwise abused but we trust them anyway… Really a sad state of things…. X.509 revocations do exist, but since there really is no universal Public Key Infrastructure (for the non-security guru), or rather the browsers don’t even TRY or HAVE A WAY to validate them in most cases they really don’t mean much at all…
And yet another example of ridiculous application of DRM…curtosy of Laurance Lessig via LWN
Amazon.com is offering an electronic version of the U.S. Constitution aimed at Microsoft’s reader. It’s all nicely equipped with the usual digital rights management stuff; according to Amazon, permission to print the Constitution has been denied.
…if somebody were to get around the DRM and dump a copy of this electronic book onto their printer, it would be a clear violation of the DMCA. For somebody looking for a day in court, it would be harder to find a more desirable case to defend than being charged with printing the U.S. Constitution. Explaining the problems of U.S. copyright law to otherwise uninterested parties has always been a challenge; given enough products like this one, that task is likely to get easier
New Scientist‘s Feedback section has long featured entries about people whose names are wierdly appropriate for their jobs.
Reading through an article on The Register entitled “Guantanamo Bay loses ‘least worst place’ status”, there is mention of the ultimate combination. One of the PR officers for Guantanamo Bay with the name Kafka! Those familiar with Franz Kafka‘s work will recognise the scary similarities between events in Guantanamo Bay and his book “The Trial” (also made into a film by Orson Wells).
Back in 2001, Defense Secretary Donald Rumsfeld took a crack at solving this riddle, dubbing Guantanamo Bay “the least worst place” to store evil-doers. But now, with the torture scandal unfolding, the Navy has declared that Guantanamo Bay is not “the least worst place” at all.
The Navy once embraced the “least worst place” Rumsfeldism proudly, displaying the slogan across the banner of its Guantanamo Bay web site. …snip…
Times, however, change, and when a new commanding officer for the prison – Captain Les McCoy – took over near the end of 2003, he ordered a Photoshop job on the “least worst place” banner, removing the slogan all together.
“The removal was ordered because the commanding officer did not feel it accurately reflected his vision of the base,” said Navy spokesman Lieutenant Mike Kafka.
(Yes, you’re reading that correctly. A man named Kafka has been deployed to field questions about a prison where the criminals are only vaguely charged with crimes, can’t speak to lawyers and likely will never get out.)
One of the best things about languages such as Prolog is the ease with which you can validate theorums. As an example take a look at the program to validate the theory that if a woman weighs the same as a duck, then she must be a witch:
witch(X) <= burns(X) and female(X).
burns(X) <= wooden(X).
wooden(X) <= floats(X).
floats(X) <= sameweight(duck, X).
female(girl). {by observation}
sameweight(duck,girl). {by experiment }
? witch(girl).
> yes
For reference here is the original plain english line of reasoning:
BEDEVERE:
Quiet! Quiet! Quiet! Quiet! There are ways of telling whether she is a witch.
VILLAGER #1:
Are there?
VILLAGER #2:
Ah?
VILLAGER #1:
What are they?
CROWD:
Tell us! Tell us!...
VILLAGER #2:
Do they hurt?
BEDEVERE:
Tell me. What do you do with witches?
VILLAGER #2:
Burn!
VILLAGER #1:
Burn!
CROWD:
Burn! Burn them up! Burn!...
BEDEVERE:
And what do you burn apart from witches?
VILLAGER #1:
More witches!
VILLAGER #3:
Shh!
VILLAGER #2:
Wood!
BEDEVERE:
So, why do witches burn?
[pause]
VILLAGER #3:
B--... 'cause they're made of... wood?
BEDEVERE:
Good! Heh heh.
CROWD:
Oh, yeah. Oh.
BEDEVERE:
So, how do we tell whether she is made of wood?
VILLAGER #1:
Build a bridge out of her.
BEDEVERE:
Ah, but can you not also make bridges out of stone?
VILLAGER #1:
Oh, yeah.
RANDOM:
Oh, yeah. True. Uhh...
BEDEVERE:
Does wood sink in water?
VILLAGER #1:
No. No.
VILLAGER #2:
No, it floats! It floats!
VILLAGER #1:
Throw her into the pond!
CROWD:
The pond! Throw her into the pond!
BEDEVERE:
What also floats in water?
VILLAGER #1:
Bread!
VILLAGER #2:
Apples!
VILLAGER #3:
Uh, very small rocks!
VILLAGER #1:
Cider!
VILLAGER #2:
Uh, gra-- gravy!
VILLAGER #1:
Cherries!
VILLAGER #2:
Mud!
VILLAGER #3:
Uh, churches! Churches!
VILLAGER #2:
Lead! Lead!
ARTHUR:
A duck!
CROWD:
Oooh.
BEDEVERE:
Exactly. So, logically...
VILLAGER #1:
If... she... weighs... the same as a duck,... she's made of wood.
BEDEVERE:
And therefore?
VILLAGER #2:
A witch!