 Is that working? Right, OK. The title's a bit misleading, but I'll get to that in a second. For those who don't know me, I'm Joe Shields. I'm a Debian developer. I kind of do the same thing-ish in Ubuntu every now and again. And for the purposes of this talk, the relevant bit is that I work for the University of Oxford as a systems manager on their high-performance computing centre. So we have researchers who need to do big calculations, whether it's simulating protein folding or testing out cryptography algorithms or whatever. They need to run stuff. They've got a desktop. We've got hundreds of servers. They come to us. So what is this talk actually about? It's partly about something that we did at the Uni, but it's more about why. And that why is explained with this statement here, which you'll see a lot on the Internet, which is we don't need mono. You hear this a lot. You see it a lot. You see people saying that mono is unnecessary, that there are loads of other things you should be using instead. Monos are just a copy of Java, so you use Java, this, that and the other. Now, within HPC, especially in the UK, we have a technical term for this kind of thing, which we hear from people like vendors. We hear this kind of very certain statement. And the technical term we have in the UK is this. It's bollocks. It's not based in reality. It's just based in silliness. So the talk is basically explaining why we ended up using mono in production in our centre for doing some stuff. And if that sounds really boring, you may as well just go get a beer or something. So why did we end up in this situation? UK universities, as with most universities around the world, aren't Harvard, are massively underfunded. And in 2004, the UK government through a group called the Higher Education Funding Council for England, I think, invested over a period of three years, a billion pounds, which is not much these days with the pound the way it is. And out of that one billion, the Oxford Supercomputing Centre got a three million investment in basically in buying hardware, in buying actual computers. Whereas in previous years, what we'd had to do was save up all the money we could, blow it all on one computer and hope that would last us until we found more money down the back of the sofa. Out of that, unfortunately due to cronyism, politicking and assorted other issues, we had to spend more than half our budget on building a very simple air-cooled machine room in an empty room. And somehow our 500,000 estimate from IBM turned into 1.7 million from the University of States Department. But there you go. We had 1.3 million to buy shiny toys. And what we planned to do with that was to buy three different computers that serve different purposes and different researcher needs and some stuff to glue that together. Just things like shared disk areas, networking infrastructure and all of that. So we never have that much money before. Money is nice, but it brings problems. So first problem is traditionally what we had had. We'd only ever had two systems at a time and it was a lot easier to just treat them as two completely disconnected systems and say, that's computer one, that's your username and password on there, that's computer two, username and password on there. When we create the accounts, they're the same, but passwords, you forget to update it on one of them and this, that and the other. And we were using NIS, a son, I think NIS, to handle sort of inside a cluster, keeping that password updated on that one cluster. So we thought, well, that doesn't sound too good and when we've got three systems, four systems, five systems, that's just going to piss everyone off. So we had to centralise all our authentication stuff. So you'd have one username and password. I'd get you onto all our kit, no matter how new or shiny and only have to change your password once and worry about managing your account once and we thought, NIS is just not going to cope, it's going to fall over dead because it sucks. And there's a NIS plus which nobody cares about because it sucks and there's LDAP which kind of sucks as well, but it at least can handle all of these extra bits we wanted to do. So LDAP is great, but not everything behaves the way you want it to, the way you expect it to with LDAP. So we ran into a problem in our testing, for example, that we could store passwords in the LDAP directory, but the PAM module that handled password changing on account login wouldn't update any of the shadow fields so your password would still be expired even though it tried to change it and we keep running into issues like this with the standard tools that think they're smart but they aren't. So we had to hatch a grand plan. This plan took about 18 months before we even got into hardware testing. The plan was do something about it, find something that can do LDAP management in a decent way, or if need be, write something. And as a systems manager, I know that there's only one answer to any problem that needs a quick fix and a bodge and that answer is Perl because you can never go wrong with Perl. Except if you're trying to do something big and complicated and scary and anyone who's ever looked at the RT code will agree with that. It's not always the answer because Perl very often, I'm not saying it's always the case, I'm not saying it's fate to be the case, but often Perl is a write-only language. You'll write some Perl and then the next guy will try and look at your code and go buh. It's very, very easy because Perl has lots and lots of shortcuts and tricks and hacks to write something unmaintainable and if you try writing big verbose easy code that can also become big and bloated unmaintainable. So I wrote a version in Perl and I needed a few weeks for recovery afterwards and thought this isn't working. So we're going to have to tighten down what we need to do and so we redid our plan. We had to write something. I'd had time to look at all the other things I could find for managing accounts in the way that we wanted to do them and there was nothing already out there or there was nothing out there that was close enough to what we wanted to be worth editing either. So we had to do something pretty much from scratch. We wanted to make it so that anyone using a proper OS could have a nice clicky gooey to do all their account management tasks and that's not just changing a password but it's things like checking on how many credits they've used in our systems and dealing with their email account details and all this that and the other and for people on legacy operating systems without an X server they could still get some functionality through Putty. So we wanted to make sure that the gooey stuff was layered on top of an engine of some kind and we wanted to make it so that the app could be extended over the years as new needs arose and as we found things got annoying in a console we could just add stuff as and when. And one thing that for us was an important requirement is the stuff that users need to do like change a password and the stuff that sysadmins need to do like change a user's password and it's silly to have two different tools to do the user stuff and the admin stuff so we wanted the same tool using the same back end and simply to deal with permissions and this and the other to make sure that users don't go creating accounts only sysadmins can but there's so much overlap it didn't make any sense not to have the same tool for both. So what do we need to worry about? First issue developer team me in my spare time we're not doing other sysadmins stuff which is not a huge team for 1.3 million quids worth of kits, worth of administration stuff I think that makes sense. Small team we kind of knew what we were buying to a degree with two thirds of our plan system so we knew at the time that AMD processors were great at memory band width and we had a lot of codes that were memory bound so we would very very very likely be buying AMD64 for one cluster we knew that for floating point performance it was hard to beat Xeon so we would very likely be buying a Xeon cluster and we knew that we had a third set of users who rather than having code that runs on a cluster their apps only work on one computer with lots of cores and lots of RAM so we had to buy a computer with lots of cores and lots of RAM or a set of large computers with lots of cores and lots of RAM and that was really up in the air we didn't know what to expect and we couldn't legally insist on one thing or another because then it comes to public money and public tendering and favoring one company over another and all of these problems so we had to write our tender in a way that said just give us something with lots of cores in one box give or take and similarly for the operating system you can kind of get around it by saying that we'll take any OS as long as it can run Linux binaries but we have had people give us for example OpenSolaris or Solaris proper version bids saying it'll run your Linux binaries 100% perfectly but we can't legally say that we can't do it so we had to think well we might have Windows on a cluster we might have Mac on a cluster we might get a big HP integrity system running HP UX on itanium we might get IBM coming to us with a P-Series running AIX on power we really didn't know what to expect so that was one thing again that we had to worry about is if our users log into our system and that system is weird they still need to see the same tool presented to them that they would see on the cluster they could see on even on their own desktop we need to make it so that it's the same on all of them so we have to think about that requirement and for example there are development tools out there that aren't particularly favoured on all architectures there are closed tools out there that are very X86 or AMD64 so we had to worry about it we didn't make it too tight a requirement just in case but it was something we tried to think about when I say we I mean me and the final requirement is if everything goes horribly wrong and the very simple nice concept of doing everything in a nice cross-platform I didn't work it had to be easy to fall back on C libraries and there are billions of C libraries out there for Linux which is the OS that really mattered to us that could do pretty much anything and just in case we had to be able to use them so first requirement malloc band I have got better things to do with my time like dealing with users than worrying about memory allocation so nothing that needed me to worry about managing memory was even considered as a framework to deal with second issue nothing if possible on only the main architectures third issue you know source, fine, binary, fine cross-platform really like it but if need be fine will do without it and the last issue I did a degree on Java so I learnt one or two things about Java in the process and how to use C from it or not so I did a search for proper development environments that would make my life easier in aptitude which has got 20 odd thousand packages in general so I was bound to find something and I had a look at the list I read up a bit on those IDEs and the languages that they were centred around and I tried a few little programming tests in those IDEs to see well that seems quite nice I like the syntax it's intuitive, it makes sense the IDEs user friendly and there was a short listing process which kind of didn't have that many choices on it of all the things available and this is late to I think early 2007 sorry MonoDevelop was the only one of the ones that I tried that seemed like a serious thing for me to use given all the previous constraints so how did I end up with this how does it tick those previous boxes that I mentioned number one I don't care about memory that's what Mono does for me so I don't like having to care about things CPR ARCHES there's like some really fringe stuff that Mono doesn't like but other than that all the CPUs work fine with it OS is fine on Windows on Mac, on Linux maybe got it working on K3BSD, I think regular 3BSD works but the big commercial UNIX is not so hot so AIX we would have been screwed and HPUX we would have been screwed but as I said it wasn't the hardest of requirements and we kind of preferred Linux anyway so we would have found a way to fiddle our tendering process to ignore the non-lens anyway if we had to use with Mono, with C-sharp using C is doable and with Java for example it's not or certainly in 2000 with the Java version available then it wasn't as I mentioned I learnt 3 years doing a degree at Southampton very, very C centric the concepts and stuff there was a bit of I'm off to sleep today so everything was done for all the high level stuff teaching of algorithms Java, I think malloc implementation in Java so I know enough Java to be able to use it C-sharp was close to Java to jump into it and go kind of know my way around the and I can ignore the Java that was really stupid as it ended up we didn't know what would it be would it be a graphics Altix 700 with a prize on it came with Mono the Mono question it didn't grant us anything so ever which is good we ended up with a system with 250 it was terrible and it just had an admin tool it's all the other system one GUI is at the moment is the G-up and the Mono GUI and some of these have appeared in the app is this big thing that thousands of lines see appeared in certain people I took them so things appeared using that string got the plug in there someone the future Mono and at the moment I have an version with our system but everything on top of the all LDAP play so we all have our LDAP server running on Debi through encrypted LDAP and it worked enough that you can see it's loaded so that's the GTKR version that's running on my desktop in the office back in Oxford as you can see there's this big list on the left of the functions each of those functions is a different assembly that just advertises itself as the main executable says I need these security requirements here is my icon say password expiry and then it waits because excellent initial dimensions oh there we are so you'll notice there's a greyed out okbox here there's a greyed out select new time here I click that I'll try searching for a user I can't remember if I use this and if any of each his password will expire April 24 so it might authenticate and wait some more I now have app in access we've got a kind of sudo like thing built into the the user model that we've got in our LDAP directory so every user can have a super user assigned to them so I can have a regular user who can gain privilege account leader and account leader can edit his own users passwords or whatever and that's all built into the design of the LDAP steamer as well as the tool so now I'm in admin assuming that goes in updated it might not have been I'll go back in here it might be working there we go so now I've got the okbox I've got the select so I can search back on Jamie I've got the reset password expiry select box so I'll give an extra day of expiry just for fun so more demoing we're ready to do something see there's one reason to use curses is it's a bit happier on bad white again I've lost my apps and curses written in C sharp and all the same functionality to assume that the LDAP server which is expiry control L should refresh control L well that's probably my code but you can see the theory in the GUI is very similar so anyone used to one can use the other and still find our friend Jamie so you can see it's the same tool it was the same UI style and it's using the same batten each of the functions in the left all of this because I haven't got the curses GUI for a lot of them because I'd have to run more widgets and I'm lazy but it's the same stuff pretty much so that's the live demo done so I'm going to breathe again and we'll really get this back out of the box right so why am I here talking about this one thing and my battery level hasn't run yet yes now it's good so as an employee of Oxford University and I'm sure many of you who work for pretty much anyone might have to sign an IP agreement that says that anything I do on their time is owned by them full stop end of story my idea being that they want to sell it to everyone to try and cover some of their horrible deficits so everything is copyrighted in Oxford all rights reserved and a few extra for luck however there is a process it's relatively new it's relatively unpleasant and it's based in their current process for licensing patents so I have to do things like fill out page forms with name by IP to intellectual property due diligence questionnaire I think but I've had to do a lot of this stuff and the process started and that's true and I finished these slides months ago so I have made a request to the appropriate people and that's currently in the hands of the head of research I think was the last thing I heard was that it's with research people on by the university's IP sales people to them it's going to happen I've made sure it's going to happen but there are delays on every stage and I still have to worry about doing my day job so I can't spend all my time trying to chase up your address so before we get to Q&A assuming it happens given how late everything is running a couple of points that I'm expecting to hear once the hands go up why aren't I using QT because QT does everything short version is back in 2007 QT was either commercial or GPL and much as I wanted to make the tool we've got free software I couldn't guarantee that I get submission for that from the university and the license, the commercial license for QT pretty strictly said you cannot use the GPL version as a demo you have to buy the commercial version and then use that for your tool if it's not free from day one so that was my understanding of it anyway I could be wrong on that but that was my reading of licensing I'm not a lawyer but I didn't want to have to worry too much about this stuff so I kind of avoided it for licensing reasons and that's fine now but it's a triple license for the LGPL but I don't have to rewrite everything from scratch so I went to QT with GTK I've stuck with it and I'm really too lazy to change now so that's why not QT next one, Python okay I know that if there are any Python people in the room I'm going to hear about this professionally we've had lots of problems with Python every time a user comes to us and says hi we've got this Python thing I hope they don't try following up on their email we've had problems with libraries not having rights on some architectures we've had problems with needing certain versions which have changed the way that the other one is done so Python I was kind of relatively disposed against it which is kind of the short version I had a play around with Python subsequently and I fiddled someone's some script someone had done back in the early days of the Wemo hacking to make a play session with 3 remote actors as a keyboard so you could use it for mid TV and I found it I didn't really like the syntax and I can understand why people would like the way that it works but I found the syntax unpleasant for the way that I approached coding and given the problems we'd had with Python stuff I wasn't too happy with using it so that's why not so no one needs to ask questions about those two items because now it's question time so most of the time it's just called a discipline and if you have lazy people doing stupid stuff it's going to be stupid in any language and Python just makes it very easy to be really really stupid yes it's very good at that but if you have a discipline coding span you can even write really awesome code yes I think that's entirely fair some languages make it easier to be stupid than others I'd sort of repeat things for the camera and you're right that you can write a very nice pearl it is technically possible I've heard rumors on the internet to write very nice PHP but some languages I know it's far fetched but some languages just by design enforce a little more structure than others and to an extent I like having that little structure enforced when I'm trying to do something serious I'm packing something together in five minutes and I'll just go straight to Pearl because it's great for that but once I have to start being disciplined it's good for me as someone who's not too bright to have the language kick my ass when I'm not being disciplined and Java has got so much to enforce it yes and people hack around it and then I get to hunt them down yeah well I'll tell you one of the other issues that would have arisen if I had gone with Java is we ended up with an Italian system and for a very, very long time we were having to turn away users who wanted to run big memory Java stuff that needed to Java newer than 142 because the newest Java available in Italian was Java 142 until about six months ago and there was a sudden update from Susie to give the Java run time from BEA web server which was 1.5 and it kind of exploded randomly with the user codes so we pretended it didn't exist so we had problems, actually very similar problems with versioning and distribution which we faced with our users with Python so even if the JNI thing has never been needed if it was never a requirement I'd say in stone I would never need to do C then Java would have been much stronger contender than it was but as it was the existence of JNI and I don't think JNA has quite made it into a stable release of anything yet has it JNA is supposed to be a fixed JNI in about I don't think it's anywhere does anyone know about it? Well it's a legal issue because if that thing ever makes it into Java then it means that Microsoft was actually right when they made those changes to the language that they got two billion dollars for so it's not likely it's going to happen I'm not going to comment on whether Microsoft have ever been right about anything because then I'm going to ask it but even if it's going on YouTube so that was why not Java basically and I agree entirely with some languages and you can not beautiful Perl I've seen very nice readable Perl that I'm not good enough to like it okay I think anyone else?