Monthly Archives: November 2004

Meeting with netproject

Arrived at the office this morning, and was immediately asked by a colleague, “are you coming to this OpenLDAP meeting?”. Hmm, I thought today’s meeting was about desktop Linux, but oh well, why not.

It turned out I was right 🙂 it wasn’t about OpenLDAP, but an introduction to Open Source and the Open Desktop by netproject. netproject is the consultancy that became famous when Microsoft got into a panic because Newham City Council nearly moved from Microsoft solutions to open source ones on netproject’s recommendation. netproject also wrote a report for the European Union on how to migrate to open source solutions.

Eddie Bleasdale, netproject’s director, led the meeting himself. A few interesting points from it:

  1. The software patent proposal in the EU (European Union) is apparently the result of heavy pressure from the US government 🙁 what a bunch of terrorists.
  2. The open source migration in Munich – apparently the decision to migrate was made on political grounds, not based on a good business/technical case. According to Eddie, some problems with the implementation of this project are now starting to be heard of. Oh dear, I hope they still succeed…
  3. Eddie once gave a presentation on open source to Oracle’s marketing managers from all over Europe; and they all agreed that MySQL (not DB2, nor MS-SQL) is the number one threat to Oracle.

Quite interesting…

There were a few other interesting things as well, but unfortunately I can’t disclose them yet. Hopefully before too long.

Websphere sucks…

… BIG TIME

Why ?

  1. Reliability: This thing has taken IBM literally years to stabilise. I’ve had the pleasure of experiencing it myself, with my manager calling me (“why is the website down?”), only to find that Websphere has fallen over again for no clear reason. And we’re only using it to run our CMS, for God’s sake (think Mambo, Drupal, PostNuke, etc.) – it’s not something terribly sophisticated! In fact, that CMS was actually developed on Tomcat! So it isn’t even using the full J2EE feature set that Websphere offers. Still, Websphere has problems running it.
  2. Forced upgrade: It all started pleasantly – the IBM consultants gave an excellent presentation on Websphere, and the price was reasonable too. Fast forward several months – we’re having reliability issues with it. We asked IBM about this, and their reply was something like “well, we no longer support that old version (what!!), so if you want our support, you’d better upgrade to the latest one”. Then we found out the nasty surprise of the upgrade cost…
  3. Cost: The latest versions of Websphere are so expensive that in one case it was priced 8x (eight times) higher than the alternative solution based on Tomcat. Basically, picture a big, bad Sun server with multiple UltraSPARC processors and gigabytes of RAM. The Websphere licence cost was enough to buy 2 of those. Do I still need to tell you which one the project manager chose?
  4. Scalability: An analyst defended Websphere, saying it’s the right choice when you need scalability in a system. Sorry, but scalability my a$$. Despite being given the best server in the system, Websphere consistently managed to become the bottleneck of that system. I ran a set of load tests a few months ago against a system which included a Compaq DL380 and a big Sun server running Websphere. That Compaq DL380 ran 3 virtual servers (using VMware), yet its load consistently hovered around 1%-2%. The Sun server (running Websphere), however, kept falling flat on its face at 100% system load.
  5. A bloated pig: I think by now you get the picture – Websphere is basically a massively bloated piece of software, with a low performance level compared with other similar software, despite attempts by (very expensive!) IBM consultants to tweak its performance.

It’s a massive bloat, it’s slow, it’s unreliable, and it’s priced to burn a seriously big hole in your wallet.

Stay as far away as possible from it.

UPDATE:

  1. There’s a reason why Microsoft picked Websphere in their effort to promote .Net against Java
  2. Finally IBM will revamp Websphere’s reliability and performance. Or is it possible that I’m rejoicing too soon?

OpenBSD v3.6

OpenBSD 3.6 has been out for quite a while now. [ Here ] is a nice summary of it from Newsforge.com

My personal impressions of it are:

  1. It’s the number one OS if you’re concerned about security
  2. There is so much work going into this OS – hardened against buffer-overflow attacks (even built into its compiler), arguably the most common type of attack. Also an impressive use of cryptography, and the way the system is set up securely in general – no initial root login via ssh, chroot-ed daemons, etc.
  3. The OpenBSD team gives the best impression of a professional voluntary group. They set high standards, they set goals, and they meet them.
  4. An OpenBSD server, however, can be really difficult to set up and maintain. This is more down to our lack of familiarity with the various security processes than to any fault of OpenBSD itself. Still, it tends to deter newcomers.
  5. Another problem is the lack of newbie-friendly documentation. I tried to rectify that with [ this ], but note that I had to stop writing it when I changed servers, before I could be really sure that everything in there works.
  6. Package management is a serious omission in OpenBSD. But I heard that such a thing (some kind of portupgrade) is already available in the bleeding-edge version.
  7. OpenBSD doesn’t yet comprehensively address the new rising threat – web-application security. Including mod_security in Apache by default could help address this significantly.

My own biggest issue with it is the lack of an effective package management solution (which matters when you want to spend as little time as possible administering your servers), so once this is addressed (in v3.7, I assume), I think I’ll give it another go.

Merry Christmas

Christmas is soon coming for Christians.
And soon Muslims will once again be arguing over whether it is halal or haram to wish someone a merry Christmas (even though it is well known that Buya Hamka was even kicked out of the MUI by Soeharto for refusing to declare it halal).

Which makes the email that just arrived from mifta-perjuangan@yahoogroups.com very interesting:

Assalamualaikum wr wb.

I work at a foreign company (in Singapore) that is headquartered in Germany.

I assumed that wishing people a merry Christmas would be routine here.
But it turns out our marketing department thinks further ahead; they have their own way of making use of this occasion.

Look at the following email excerpt:

=====
Hi,

Just to let you know that Xmas card stock has arrived. These cards
are non-religious & simply state “Seasons Greeting and Best Wishes
for the New Year” in english & 6 european languages.

It seems we can learn a lesson from these non-Muslims 🙂

GM food & FDA

I was spanked (virtually!) in an online forum for hinting that the FDA (Food & Drug Administration) may not be a reliable source of information on safe food & drugs. Unfortunately, there is now another journal article giving proof of this issue:
GM Crop Safety Tests ‘Flawed’

GM (Genetically Modified) food has the potential to be good or evil. However, the FDA decided that some of it is good based on information from its producers. Which, of course, should be expected to be highly biased.

If you live in USA, here’s another thing that you need to be careful of:
Problems with milk

Playing God

Yanuar Nugroho posted this on the PPI-UK mailing list. I’ve been monitoring this for quite a while as well, and it just doesn’t make sense how some people can be so cruel as to block access to cheap medicines using patents (and thereby kill millions in the process).
I think they should be brought to court and dealt with as murderers.


OPINION & EDITORIAL – The Jakarta Post, 12 September 2003

HEALTH ISSUE: THE ART OF PLAYING GOD?

Yanuar Nugroho,
Director, The Business Watch Indonesia, Surakarta,
yanuar-n@unisosdem.org

Having less money means less opportunity to survive — to keep alive. We are
in a world in which death and life are no longer “natural,” but
“manufactured.”

The association of pharmaceutical industries in the United States, PhRMA,
quoting last year’s World Health Organization report, describes how diseases
quickly and harshly kill people — 4 million people die annually due to
respiratory infection, 2.2 million from typhus-cholera-dysentery, 1.7
million from tuberculosis, 1 million from malaria, 900,000 from blood-fever
and 3 million from AIDS-related diseases.

And what is the “progress” of medical discoveries? From 1975 to 1996, 1,223
new kinds of medicine were developed, but only 13 types were designed to
cure the disadvantaged of major tropical diseases. The greatest proportion
of production costs for medicine was allocated to research into cosmetics,
obesity and other beauty-related medicines.

In 1998, of a total budget of US$70 billion allocated for research carried
out by the giant pharmaceutical corporations, only $300 million (0.43
percent) went on AIDS vaccine research and $100 million (0.14 percent) on
malaria research (The Economist, Nov. 10, 2001).

Unless we admit that health has been in the arena of profit-making, we will
not be able to understand this irony. This is all about an accumulation of
power and money that sacrifices everything for its own sake.

In 1999, of a total 33 million people living with AIDS, 26 million (78.8
percent) were in Sub-Saharan Africa. Yet, the market for pharmaceutical
products in Sub-Saharan Africa was only 1.3 percent of the world total. The
poor here could not afford expensive, patented medicines — there is an
intellectual property right that must be taken into account in the pricing
policy.

In the ongoing 5th WTO Ministerial Meeting in Cancun, Mexico, the issue of
Trade-Related Intellectual Property Rights (TRIPS), especially related to
public health, is among the central themes. The issue is how to ensure that
patent protection for pharmaceutical products does not prevent people in
poor countries from having access to drugs, while maintaining the patent
system’s role in providing incentives for research and development into new
medicines. Are these two objectives compatible?

Flexibilities, such as “compulsory licensing,” are indeed in the TRIPS
Agreement. Governments can issue compulsory licenses to allow a competitor
to produce the product or use the process under license, but only under
certain conditions aimed at safeguarding the legitimate interests of the
patent holder. Parallel importing — where a product sold by the patent
owner more cheaply in one country is imported into another without the
patent holder’s permission — is also possible.

But countries’ laws differ on whether they allow parallel imports. The TRIPS
Agreement simply states that governments cannot bring legal disputes to the
WTO on this issue. In addition, these flexibilities do not have to be
applied. They are sometimes used as a means of bargaining. The threat of a
compulsory license can encourage a patent holder to reduce the price.

But some governments are unsure of how these flexibilities would be
interpreted and how far their right to use them would be respected. All the
WTO’s African members are among those pushing for clarification — the
consequence is about life and death. The generic versions of patented
medicine, for example, are not permitted for 20 years!

In the main declaration, WTO stressed that it was crucial to implement and
interpret the TRIPS Agreement in a way that supported public health — by
promoting access to existing medicines and the creation of new ones. Yet, in
a separate declaration, they still disagree on the phrase, “countries still
unable to produce pharmaceuticals domestically can import patented drugs
made under compulsory licensing.”

Clearly, it has an indirect impact on countries unable to make medicines and
which therefore need to import generics, like Africa for AIDS medicines.
They would find it difficult to find countries that could supply them with
drugs made under compulsory licensing.

The global pharmaceutical industry is worth US$ 300 billion nowadays. As of
1997, the largest pharmaceutical market was developed countries — the U.S.
and Canada (36.1 percent of the world total), followed by Europe (29
percent) and Japan (15.9 percent). Poorer countries followed: Latin America
(7.7 percent), Asia, minus Japan (7.3 percent), the Middle East (1.9
percent), Africa (1.2 percent) and Australia-Pacific (0.9 percent).

A multilateral solution should therefore be decided at Cancun as it now
seems that industries in the health sector only belong to those who can pay.

It seems we are playing with life and death; we are dangerously playing at
being God. Let’s stop it. ***

(The writer is also a researcher at Uni Sosial Demokrat, Jakarta)

Kiai Kanjeng @ Birmingham

UPDATE:
A few of their video clips can now be downloaded [ from here ]

Yesterday (Wednesday, 24 November 2004), we had the opportunity to watch Kiai Kanjeng’s live show at the BMI (Birmingham and Midlands Institute). I must admit that I had never heard them perform before. My knowledge of Emha Ainun Nadjib (the leader of the group) was strictly limited to his writings and interviews in the various mass media.

Some people have criticised him, saying that music is not permitted in Islam, and that he’s doing the wrong thing. I honestly admit that I don’t feel capable of judging whether they’re right or wrong; I can only relay things that I’ve read and heard – but I leave the final judgement to Allah swt.
Anyway, most of the time I’m not hugely interested in music, and therefore wasn’t really looking forward to this event.

It all turned out to be a series of pleasant surprises and experiences.

I was most impressed by the composers’ skill and talent (I believe Emha is not the only composer in the group). We’re talking about many types of instruments and kinds of music: saron, rebana, keyboard, violin, electric guitar, bass, drums, percussion, demung, kendang, bamboo flute, (and of course) gamelans; dangdut, jazz (there were even jam sessions!), pop, rock, Arabian, Javanese, blues, Chinese, etc.
I’m still amazed and very impressed that the composers managed to bring them together in various songs and adaptations of theirs, tastefully and beautifully. Sometimes a single song is performed in several styles – jazz and Arabic, pop & blues, and so on; and they’re performed cohesively and smoothly. I know creative work when I see it, and I enjoyed plenty of it at the event. It was a rare experience of sensory overload.

Kiai Kanjeng base their work on Islam. Therefore, many of their songs have chants / prayers in Arabic / Indonesian / English. The music serves as a mood setter, and I must confess that it works. I got goosebumps many times during their 4 hours of performance.
Sometimes it also makes it fun – I’d be interested to see if anyone else can turn “Everything I do, I do it for you” (Bryan Adams) into a religious song, and perform it in such a tasteful way 🙂
Do prepare to be surprised over and over again – for example, at one moment the melody of “Silent Night” started. A friend of ours who is a Christian evangelist stood up in joy and anticipation. No luck though; Cak Nun is not crossing that line – shalawat (praises for the prophet Muhammad) was heard instead, to the melody of Silent Night. It seems he is being cheeky and creative at the same time 🙂

The musicians’ skills are also quite impressive. Most of them handle more than one instrument, with some handling as many as four. They bring the performance to life; slow and mesmerising at times, fast, clean and powerful at others, and clearly enjoying it the whole time.

It’s even more impressive when I read the booklet that was handed out at the show.
Apparently, many of them are not musicians by trade. They are teachers, civil servants, self-employed businessmen, housewives, medics, etc. And not a single one in the group considers themselves a musician. They see music as a tool to connect with other people. In their own words, music is meant to be a way, not a destination.

I think it’s quite a brilliant idea, when executed properly (which seems to be the case here).
Music is humanity’s universal language. I can even use it to communicate with my babies.

Upon further reading, I found out that they’ve travelled all over Indonesia. They play their music, soothing the restless masses, and then talk with them about their problems, and enlighten them. Their music becomes a powerful tool, connecting them to all sorts of people; from the poor to the rich, from the grass roots to the elites.

Cak Nun (Emha Ainun Nadjib) himself is a well-known humanist figure. He was among those who stood at the front at the time of “Reformasi” – the people’s movement to replace the bloody dictatorship that had ruled Indonesia for decades. “Cak” is an affectionate term for a brother, and Cak Nun actually does not like to be called “kiai” (a guru / a master in religious matters).
He seems to be an intelligent and unique person, and it definitely shows in his music.

“Kiai Kanjeng” is actually the name of the gamelan used in their performance. It’s a Javanese custom that once a gamelan crafter has finished crafting a gamelan, the creation is given a name. Gamelan Kiai Kanjeng is a special breed of gamelan. It’s based on the diatonic scale, but with only a limited number of notes chosen. Even so, it’s been used successfully across their various musical styles.

By now they should have left London and be heading towards Manchester for their next show. I wish them the best.

Living frugally

If you live in USA, you may find this post useful:
Websites for the frugal

For everyone else – the key is in the “little things”. A can of Coke, a pack of cigarettes, a chicken burger, a bar of chocolate – those add up to quite a big sum at the end of the month, believe it or not.

Don’t be mistaken – you may think it’s easy to give them up; but try actually not doing it instead.
Good luck! (you’ll need it)

Fairtrade

After reading news like this, I now try to buy Fairtrade products whenever I can.

Today I bought their chocolate drink instead of Cadbury’s, and their bananas instead of Del Monte’s.
I wish there were more of their products.

If you can do it, please do buy Fairtrade products.
It may cost you nothing / only very little inconvenience – but it makes a difference to others who are less fortunate.

Sufi – part two

Another big problem with the various Sufi orders out there is the enormous dependence on the guru. In various Sufi orders, the guru’s position is almost equal to / exceeds that of the Prophet Muhammad. In some orders it has even reached that of Allah swt Himself.

Some examples from a Sufi order in Canada:

  • Prayer is performed while picturing the guru’s face
  • The guru cannot be wrong
  • Allah swt’s pleasure can only be obtained through the guru’s pleasure
  • Taqlid / blind obedience to the guru is an obligation
  • etc.

Yet the great Companions / scholars of Islam themselves had many teachers. And as teachers, they did not object to being criticised when they made mistakes.

Don’t let yourself be fooled by these people.

Patching: A horror story with Microsoft products

Note: My interest would be on security updates.

Just another reason to avoid Microsoft products – when you upgrade their product, you expect it to get better. But other things may happen instead:

  1. It may wreck your computer
  2. It may wreck other software in the computer
  3. It may create new security holes

It’s even more ridiculous given that you’re paying a LOT of money for it.

If you’re concerned about the security of your computer system, you’ll be better off with the open-source alternatives – since they tend to be more frank about bugs, patch them quickly, and patch them cleanly.

Helpdesk duty

Because of the large backlog (1700 open calls!), this week our team has been assigned to help the IT Helpdesk.

Yesterday I started looking at what kinds of requests there are. It turns out that most of them are problems with Microsoft Word & Excel *sob* – MS-Word crashing, files that can’t be opened, etc.

Ugh… if we used StarOffice, I could just contact Sun and let them work out the solution. But with Microsoft, our budget was already used up just buying the software licences; so although we have thousands of MS-Office licences, there is no support contract with Microsoft.

If MS-Office were an open-source product, I could still ask its developers, or debug it myself. But since MS-Office is a proprietary / closed product, how would I go about it? If I just poke around at random, I’m afraid I’d only make the problem worse.

No wonder so many of my friends on the Helpdesk are stressed :-O

Oldies but goodies

I’m a big fan of old IBM keyboards. The one I’m currently using was manufactured in 1985.
OK, so what’s so special about them ?

Well, they’re tough, for starters. Which is very important when you have kids 🙂

Second, they just feel GOOD. I’ve yet to find a modern keyboard with the responsive tactile feel of this oldie. It’s a joy to use.

Third, they just keep on working. As you may have noticed, the one I own is about 20 years old. And I can expect to be able to use it for YEARS to come.

Fourth, they’re dirt cheap. This one cost me only 1 pound sterling!

The downside? Well, they’re quite hard to find 🙁 so if you’re lucky enough to find one – don’t let it go! Also they’re quite heavy; my friend joked that they were built to be bulletproof.
And some may find them a bit noisy, but to me the sound is very satisfying, like a classic typewriter. You just have to hear it for yourself.

Good luck to you in finding one.

URGENT – security hole in phpBB

A very serious security hole has just been found in phpBB:
howdark.com exploit

I’ve tried the exploit, and indeed you can execute commands on the affected server.
Since howdark.com provides a sample exploit that can be run easily, it looks like this will lead to many phpBB servers being broken into by script kiddies.

So – PATCH your phpBB installation IMMEDIATELY!
(it’s easy, just a one-line edit)

OpenLDAP as Metadirectory

These past few weeks I have been messing around with OpenLDAP with the aim of using it in the role of a metadirectory – the master directory that “glues” all the other directories (Active Directory, eDirectory, Lotus Notes directory, etc) together.

Among things I’ve learned so far:

  • You can sync TO Active Directory using slapd/slurpd; but the trees on both directories MUST be identical.
    My config in slapd.conf:

    # slurpd pushes the changes recorded in replogfile to the AD host.
    # ldaps:// is LDAP over TLS, which AD serves on 636; 389 is plain LDAP (or StartTLS).
    # With saslmech=GSSAPI the bind is authenticated from the Kerberos ticket
    # cache of the user slurpd runs as (kinit as the replication principal first);
    # credentials= only matters for simple or password-based SASL binds.
    # This file holds that secret in cleartext, so keep it mode 0600.
    replica         uri=ldaps://10.100.299.199:636
                    binddn="cn=administrator,cn=users,dc=bcc,dc=test"
                    bindmethod=sasl saslmech=GSSAPI credentials=mypassword
    replogfile      /usr/local/openldap/var/replog-bcc-test
    
  • A better way would be to set up another OpenLDAP server and run slapd-ldap (back-ldap) there. It acts as the intermediary between the master OpenLDAP server and the Active Directory server.
    The big advantage of back-ldap is its proxy & rewrite capability: the trees on the two servers do not have to be identical.
  • An even better way would be to set up another OpenLDAP server and run slapd-meta (back-meta) there. While back-ldap can only proxy for one directory, back-meta can proxy & rewrite (i.e. act as a metadirectory) for multiple directory services at the same time.

I do suspect that back-meta will be a PITA to configure 🙂 but that’s the price we have to pay for its power.
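A back-meta configuration of the kind the last two points describe, as an added example that is not from the original post or from the OpenLDAP project. It assumes the AD domain dc=bcc,dc=test from the slurpd config above plus an eDirectory tree o=bcc, the hostnames ad.bcc.test and edir.bcc.test, a proxy account called cn=ldapproxy on each target, and the OpenLDAP 2.2-era slapd.conf directives (uri, suffixmassage, map, binddn/bindpw, pseudorootdn/pseudorootpw); adjust the names to your own directories:

```conf
# Added example, not from the original post: slapd.conf for an intermediary
# OpenLDAP server running back-meta. The master OpenLDAP server talks to this
# proxy; the proxy rewrites DN suffixes (suffixmassage) and attribute /
# objectclass names (map) per target, so the master's tree no longer has to
# match the AD or eDirectory trees. Hostnames, suffixes, accounts and
# attribute choices below are assumptions.
include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema

pidfile         /usr/local/openldap/var/run/slapd.pid

database        meta
suffix          "dc=meta,dc=test"
rootdn          "cn=manager,dc=meta,dc=test"
# rootpw: put the {SSHA} hash printed by slappasswd here, never the cleartext
lastmod         off       # the proxy stores no entries of its own

# --- Target 1: Active Directory, real naming context dc=bcc,dc=test ---------
# Presented to clients as ou=ad,dc=meta,dc=test. suffixmassage rewrites the
# suffix in requests (meta -> AD) and in returned entries (AD -> meta).
uri             "ldaps://ad.bcc.test:636/ou=ad,dc=meta,dc=test"
suffixmassage   "ou=ad,dc=meta,dc=test" "dc=bcc,dc=test"
# account the proxy uses on AD for its own lookups ...
binddn          "cn=ldapproxy,cn=users,dc=bcc,dc=test"
bindpw          "assumed-password"
# ... and the account it binds as on AD when a client binds as the meta rootdn
pseudorootdn    "cn=ldapproxy,cn=users,dc=bcc,dc=test"
pseudorootpw    "assumed-password"
# schema remap: left = name seen through the proxy, right = name on AD.
# A search for (uid=jdoe) against the proxy reaches AD as (sAMAccountName=jdoe);
# attributes with no map line pass through under their own name.
map             objectclass inetOrgPerson user
map             attribute   uid           sAMAccountName

# --- Target 2: eDirectory, real naming context o=bcc ------------------------
# eDirectory already speaks inetOrgPerson/uid, so only the DN suffix is rewritten.
uri             "ldaps://edir.bcc.test:636/ou=edir,dc=meta,dc=test"
suffixmassage   "ou=edir,dc=meta,dc=test" "o=bcc"
binddn          "cn=ldapproxy,ou=services,o=bcc"
bindpw          "assumed-password"
pseudorootdn    "cn=ldapproxy,ou=services,o=bcc"
pseudorootpw    "assumed-password"
```

Start it with `slapd -f <this file> -h ldaps:///` and query it from the master with something like `ldapsearch -x -H ldaps://proxy.bcc.test -b dc=meta,dc=test '(uid=jdoe)'` (proxy hostname and user are hypothetical): one search fans out to both targets and the entries come back under the two ou= branches. Two things to check before trusting it. First, put TLS_CACERT (and leave TLS_REQCERT at its default of demand) in the proxy host’s ldap.conf so the certificates of ad.bcc.test and edir.bcc.test are actually verified; without the CA the ldaps:// connections fail, and the tempting fix, TLS_REQCERT never, disables verification altogether. Second, bindpw and pseudorootpw are stored in cleartext, so the file must be mode 0600 and owned by the user slapd runs as.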

References:
slapd-ldap
slapd-meta