User Journal

Journal Journal: VIRTUALIZATION: VirtualIron is WAYYYY Cool 2

Alert: If you're not into computers, don't manage servers at work or at home, or don't know what TFTP, DHCP, Xen hypervisor mean, then skip this entry.

Disclaimer: I'm not affiliated with VirtualIron other than being a very happy customer so far.

I've been into virtualization on x86 hardware since 1997/98 when I got my first copy of VMWare Workstation. I'd tried PC emulators before, but I could tell this was different as the performance was infinitely better than any emulators I'd ever used. Since that time, I've also looked at other virtualization programs like Virtual PC on the Mac and later Windows, QEMU on Linux and Windows hosts, and within the past three years, I've pretty much focused on Xen virtualization because it is truly "the way of the future".

The thing that led me to Xen was that renewing the VMWare Workstation license (for home user) I had a few years back was becoming prohibitive, but I still wanted something to virtualize Windows XP with since I no longer see the point in running it on bare metal (I'm not a gamer, and audio and video production tools for Linux are much better than they were three years ago). So while looking around on the net for other free virtualization systems (I was using QEMU with its accelerator at that point but wanted something better) I found the Xen project. I decided to install it on my Fedora Core 2 box and see what it would do. It didn't start off that well because I got the Xen hypervisor (microkernel) to boot, but the console would then stop giving me any output or way to interact. I assumed it wasn't working until I pinged the IP of my Fedora Core 2 box. It responded! I could ssh in! Weird. It was running, but no output on the screen.

It took me a little extra work, but I eventually figured my way around Xen and dedicated this box to using it. I then created paravirtualized Linux images and saw that the performance of my virtual machines was nearly 98% of running on the bare metal! It was really a sight to behold, especially on such old hardware. The only limitation was RAM. If I had more RAM I could run many VMs on this old box. I got around to that later and currently I have an old P II era celeron 400 with 384 Megs of RAM running three VMs:

Domain0 (the management domain): Doing DHCP and NTP for my network. You typically shouldn't have this domain doing much other than managing your VMs.
Domain1 (the "External" home server): Offering up three of my lame web sites, an SMTP smarthost, VPN services, external DNS for my domains
Domain2 (the "Internal" home server): Offering up MySQL for my dbmail installation, dbmail itself, postfix SMTP for internal use, internal DNS

The box is great for being so old and the virtualization really adds an extra layer of security that is unsurpassed.

However, I wanted to virtualize Windows and this was not possible until the first CPUs from Intel and AMD were released with hardware virtualization support. So, I bought a cheap Athlon 64 HP box at Best Buy and packed it with 4 gigs of RAM. I upgraded to Xen 3.0 and set up my VMs on this box. There really isn't much of a limit other than RAM as far as I can tell. Right now, this box is running a Gentoo build VM, an Asterisk PBX VM, a CentOS/Zimbra mail VM, and until recently a Windows XP VM (which I've actually moved back to QEMU for different reasons).

So basically, I know the "love" that Xen offers above things like QEMU and VMWare or Virtual PC/Virtual Server. In fact, the Xen project's technology was so impressive that MS itself is using the technology for their upcoming hypervisor in Longhorn. That is assuming it doesn't get dropped last minute...

At work, I've been planning a huge mail migration away from a system I wasn't happy with to the Zimbra system (which looks and works great). However, I really wanted nearly unstoppable uptime even in the event of hardware failure. I knew that Xen's live migration capability would offer me that (you can move a VM, while it's running, from one physical host to another without your end users ever noticing). I ran into several issues over the past month, and the VirtualIron product is what finally came in to solve the problems.

When I first set out to virtualize Zimbra, I tried installing it on a RedHat Enterprise Linux (RHEL) paravirtualized machine running on top of Gentoo Linux with a Xen kernel. As soon as I tried to install it, Zimbra complained that I needed to have NPTL support in the kernel. This was not possible with Xen in paravirtualized mode. The only options I had were to run RHEL on bare metal, which would not afford me the unstoppable uptime, or to run it in a Xen HVM (full virtualization) environment. I chose the second route.

So I got a system that I could test with and set up a TEST Zimbra box on CentOS 5 with RHEL 5 as the fully virtualized guest. But then I discovered another set of problems. The first big one was that fully virtualized Xen guests CANNOT be live migrated or paused. The second issue was that because of the way that disk and network I/O is virtualized, you have a bottleneck in the RAM utilization on the management "host". If your disk and network I/O is very high, you'll likely wipe out all the RAM in the management domain and performance will suffer as your disk and network I/O attempt to work via swapping! Ugh. The third point, which isn't really an issue, is that I discovered that Xen's fully virtualized environment was really a specialized QEMU process! My worries about QEMU's performance grew quickly.

So I did more research and more digging around for other possible approaches. I briefly considered the OpenVZ project (which doesn't really virtualize, it's more akin to chroot). Then I found someone's blog entry on a bunch of virtualization techniques and noted a reference to Virtual Iron. We also almost went with the commercial version of Xen: Xensource, but they got bought by Citrix who we had some issues with in the past. I'm hoping that the Xensource folks won't get screwed by Citrix in this deal. So we bought VirtualIron, as priced at the time for $600 per CPU socket (cores don't matter, only physical sockets).

I was expecting your grandfather's virtualization techniques, but I was completely mistaken as I would find out later. One of their big selling points is that they don't use paravirtualization at all. This isn't really a good or bad thing, it's just their way of approaching virtualization. They have also been contributing back to the Xen project, so good on them! Instead, they chose to focus on the special version of QEMU included with Xen to bring it up to speed for their product. So they made sure it could do live migration! (It still can't pause/suspend/restore as far as I can tell) They also worked around the disk and net I/O issues by creating custom drivers and management software (VS Tools) to be installed in the guest after you have the OS running. This limits your choice of guests to OSes that they have their VS Tools software built for. They currently support Windows guests up to Windows 2003 Server, and many of the most common "big name" Linux distros.

So we got two big nasty servers for hosting our VMs. HP servers with 16 gigs of RAM each, and two dual-core Xeon 64-bit CPUs each. They also have fiber channel interfaces that connect to an HP SAN back-end. My original assumption was that I would install VirtualIron on each of these boxes just as I did with Xen kernel installations or any other typical virtualization technology. I did just that and was lost for a bit. All it seemed to do was install a DHCP server, a TFTP server, and a Web server (Jetty if you're curious). My confusion is partially due to the fact that their web site doesn't give you much info on the architecture. I've written to them about that since I think this product is "the bees knees" where virtualization is concerned. The Java based management interface for VirtualIron contains a "walk through" set up document in a pane on the right hand side of the interface. THAT is where I finally understood the actual architecture and layout.

To use VirtualIron Enterprise (we didn't go with Single Server which DOES work like VMWare and others) you need at least one "management server" and one "managed node". The management server can be one of a few supported Linux distros, or Windows. The fact that it could be Windows really confused me at first, because I couldn't understand how they would get a Xen kernel installed under an already existing Windows installation. Again, I was completely wrong in that line of thinking. Once I understood the architecture, I was both in awe and very eager to see this thing work. So I proceeded...

In my case, I have two managed nodes (those monster servers with 16 gigs each) and one manager (a Xeon dual CPU 32-bit system with 2 gigs of RAM and dual NICs). The manager is running CentOS 4.5, which is supported by VirtualIron as a host for the Enterprise manager. Once I had that installed and had the management network up (you basically need a different LAN dedicated to the manager and each node that you can consider "out of band"), I set one of my managed nodes to PXE boot off the manager. That's right! You DON'T need to install a damn thing on the managed node! It's diskless! The TFTP server and the DHCP server give this box an IP address, and point it to a preconfigured Xen boot image. Their preconfigured boot image is a Xen hypervisor with a very stripped down Suse Linux Enterprise 10 (SLES10) on it. So stripped down that the managed nodes can run headless. There is ZERO interaction on those boxes other than the power button!

Once the managed node loads its boot from the network, it shows up in the Java management interface and you're ready to create VMs and assign them RAM, CPU, network and storage. In our case, the SLES10 image has drivers for our Emulex LightPulse fiberchannel HBAs, so LUNs presented by the SAN are fully accessible from within the VirtualIron manager. Once VirtualIron was up, I was off and running installing RHEL 4.5 for my Zimbra installation. It's a beautiful thing! The managed nodes don't have a damn thing on them. In fact, not only do they run headless, but you don't need ANY storage in them at all if you don't want it! All VM configuration resides on the managing server. So that's the guy you want backed up reliably.

I can't say enough good things about VirtualIron. It can bring the power of Xen virtualization to anyone who wants it, even if they've never touched Linux. It really is an amazing thing.


Journal Journal: PROGRAMMING: Please Tell Me More About Java on the Desktop 2

OK... Here is what I know (or at least think I know) about Java:

1. It's supposed to be write once, run everywhere which is a good thing.
2. It's also OOP which is arguably a good or bad thing depending on your POV
3. It was released in 1995 (twelve years ago) and was a "hog" (on the desktop) then because of RAM and CPU requirements. Only within the past year or two has it become viable for desktop applications in the opinion of many a desktop user.
4. Java applications that suck are usually the fault of the developer and not Java itself.
5. The last time I checked, there was no Java native printing interface since each OS that could run Java has its own very unique approach to printing.
6. This part I really don't know much about, but I've noticed that many Java apps seem to ignore the local host UI's toolkit in preference for the Java UI toolkit (which is pretty lame IMNSHO). I'm not sure if this is a limitation of Java, a developer who doesn't know what they're doing, an inherent quality of the write-once run everywhere nature, or a combination of all of the above.

My personal experiences with Java apps have been rather frustrating (NOTE: I'm not meaning to insult anyone with my comments, just posting my experiences):

-A Java app to manage the music on my Rio Karma. I needed to use it since I run Linux and there is no application to natively manage the Karma. I abandoned this application as soon as I discovered lkarmafs. Yes... I'd rather deal with a CLI to manage my Karma than a broken and unreliable GUI app.
-The Java interface from hell in my opinion is Cisco's latest and greatest ASDM (Java Firewall Management tool). I think it's version 6. It's a bloody mess in my opinion. I won't even go into all of it because I'd need a whole JE just for that. One simple example is that they have a section where they display a table view of information. There are column headers. But you click on them to sort by that information, and nothing happens. OK. No surprise there as this was the case in the past. However, in another section of the same app, there is another table view, also with column headers. You click on them and... they work. But they work in a pretty strange way. Instead of the customary arrow pointing up or down to indicate the sort direction or no icon for unsorted, you just get (1) (2) (3) or a blank. Very VERY bizarre, inconsistent and annoying. Is this a Java toolkit issue or dodgy coding from Cisco land?
-Sun/iPlanet's Java based administration interface for LDAP and their Enterprise Messaging Server did not like X very much. I have memories of trying to use my workstation's X server to access the application from the iPlanet server in the computer room (that is headless) and taking literally five to ten minutes to expand a tree. Eventually I wound up having to run an Xvnc server on the iPlanet box after which the Java app worked fine. So Java doesn't seem to always like being exported via X protocol.
-I had a very similar experience with the Oracle installer on another headless Digital Unix box. Once we moved to HP-UX and the version of Java for the installer was a little newer, I didn't have that problem. So that leads me to suspect that older versions of Java didn't like the X protocol.
-Of course you can also insert nearly all Java applets from the web that seem to eventually lock up the browser on just about any platform.
-Since Java seems to be in constant development, there are large inconsistencies between which apps will run with which versions of Java. Leading to the ultimate annoyance of being tied to very specific versions of Java for specific apps. Eventually you wind up with many of those apps being on the same box and so you wind up with multiple versions of Java on the same box. If you're in Unix land, many times you wind up with applications that are bundled with their own Java buried deep in your system.

I'm not meaning for this to be a rant against Java. What I'm hoping is that knowledgeable people here on Slashdot can inform me as to why they chose to go with Java for their language and whether or not it really can be made to work well. I'm also specifically thinking Java on the desktop, not the server. I can see how it might be better suited to back-end work since servers tend to have the resources needed. The only question being, can it be done with efficient memory and CPU utilization?


Journal Journal: UNIX: Yet Another Stupid SSH Trick 4

Yay!!! I get to post yet another incredibly useful way of using ssh for something that most people would think was "stupid".

THE SCENARIO:
You're on a box with a much older version of *nix on it than you should be. In the middle of doing your work, you find that certain utilities are missing, or are old enough that they have some key features missing. What do you do? Tell your boss the box sucks, get a new one. Wipe the box and all the important data you're supposed to be working on with a new installation of some free *nix? Give up?

THE SOLUTION:
In most cases, if you're working on a box like this, it's likely that you're dealing with text. That was what I was dealing with and the version of egrep was too old to parse the following:

egrep '(cn:|inetUserStatus:|mailUserStatus:)'

So what did I do? I took advantage of the newer egrep on my Linux workstation using ssh:

/opt/iplanet/server5/shared/bin/ldapsearch -D "cn=King of all Mail" -w iam1337d00dzg1v3m3w4r3z -b "o=peons.org, o=werule.org" "uid=*" | ssh eno2001@10.0.2.20 "egrep '(cn:|inetUserStatus:|mailUserStatus:)' -" | less

The end result is that the text stream from the old *nix box is sent via ssh to my workstation where I run the egrep using STDIO. Works like a charm! Hope this helps someone else.
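The same pipeline as a reusable function, added here as an illustration and not part of the original journal entry: it quotes the pattern so that the remote shell hands it to the filter intact, and it returns the remote filter's exit status to the caller. The names `sh_quote`, `remote_egrep` and `sample_ldif` and the sample records are constructed for the example, and `grep -E` is used as the POSIX spelling of `egrep`.

```shell
#!/bin/sh
# Added example: filter local stdin with the grep installed on another host.
# All function names and the sample data are constructed for illustration.

# sh_quote STRING
# Print STRING quoted for a POSIX shell: wrap it in single quotes and
# rewrite every embedded ' as '\'' so the remote shell sees one word.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_egrep HOST PATTERN
# Reads stdin on this machine, runs "grep -E" on HOST over ssh and writes
# the matching lines to stdout.
# Exit status: 0 = match, 1 = no match, 2 = grep error, 255 = ssh failed.
remote_egrep() {
    host=$1
    pattern=$2
    # BatchMode=yes: fail instead of prompting, so the function is safe
    #   to call from scripts and cron jobs.
    # "--": end of grep options, so a pattern that starts with "-" is
    #   treated as a pattern and not as a flag.
    # ssh joins its arguments into one string that the remote shell parses
    # again, which is why the pattern has to be quoted a second time.
    ssh -o BatchMode=yes "$host" "grep -E -- $(sh_quote "$pattern")"
}

# Constructed sample of ldapsearch-style output, standing in for the
# directory data of the entry above.
sample_ldif() {
    cat <<'EOF'
dn: uid=jdoe,o=peons.org,o=werule.org
cn: John Doe
mail: jdoe@peons.org
inetUserStatus: active
mailUserStatus: active
dn: uid=asmith,o=peons.org,o=werule.org
cn: Alice Smith
mail: asmith@peons.org
inetUserStatus: inactive
mailUserStatus: active
EOF
}

# Usage, with the workstation address from the entry above:
#   ldapsearch ... | remote_egrep eno2001@10.0.2.20 \
#       '(cn:|inetUserStatus:|mailUserStatus:)' | less
```

The original command passes the bind password with -w on the command line, where other local users can read it from the process list. Only the search output crosses the ssh connection; the password stays on the sending host.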


Journal Journal: The Real News?

Hmmm... this is interesting. Anyone else know anything about it? I love the concept. But can it work? I'm not talking about the financial aspect as that's less important. I'm talking about the claim that they can remain unbiased.

Journal Journal: Multiply: One Good Thing So Far...

Even though my time lately has been quite limited both at work and at home, I just discovered something I do like about Multiply.com. I can compose a blog entry there, then switch to "edit HTML" and copy the HTML to here and quickly post without having to actually type out all the HTML. Pretty handy if I'm feeling in the mood to post to both locations.


Journal Journal: SPAM: What's in a Name? 6

So here I am minding my own business when a co-worker asks me to make sure that an important message comes through from a specific sender (cvent-planner.com). I figure... sure. Why not. I white list IP addresses for domains all the time when it comes to legit stuff. So I do a search in our spam filtering system and find the blocked message so I can force delivery to said co-worker. But then I notice that the reason it was blocked is that according to one of the blacklists that the filter uses (could be the spam filter vendor for all I know) cvent.com (AKA cvent-planner.com) is a known spammer.
 
So, to be sure I did a little googling and found a link to someone's blog wherein he explains why he thinks they're a spammer. I tend to agree since any business that buys names and e-mail addresses from other sources to start sending out bulk mail to them, is by my own understanding a spammer. A little more looking around indicates that this company has no real "opt out" empowerment for the recipient of their crap. Even more digging indicates that the people who started getting messages from cvent.com never signed up for anything with them and that the companies that cvent claims to have legitimately acquired the addresses from know nothing about cvent.com. So either cvent is lying, or the companies that the recipients had previous business with are lying.
 
As a result, I removed the IP white list that I'd added only minutes earlier and suggested to my co-worker that I do a "per-user" white list for her and one other associate so they can get the cvent.com stuff but not the rest of the organization. My main reason for posting this here is to get the blogger's site that I linked to above raised higher in the google page rankings. So one more time: Cvent is a spammer!!!!
 
I almost forgot to mention that cvent appears to be somewhat aware of their status. This is a modified version of the message they sent to the people they are attempting to spam:
 
**Attention [insert vendor] conference attendees**
The conference documentation links were sent out at the end of August and again in early September. If you have not received either of these emails, they may be getting blocked.
 
Please have your IT staff or email provider add the following domain to the allowed list:
  cvent-planner.com
 

Yeah. Right. Nice try.


Journal Journal: TT: Some Morning Bites 1

Join in here for a discussion on religion, politics, genetics, playing god and war.

Join in here for doom and gloom, the space program, anti-capitalism, and OS wars all in one post.

Anyone else game?


Journal Journal: MEME Attempt: Top 10 Cool Home Stuff You've Done with *nix 2

RULES: These have to be things you can't do on other proprietary platforms easily (without being a programmer), at all, or without buying additional software, or pirating software. These don't have to be things that are necessarily special within the *nix world, just things that you know you can't do elsewhere. (ie. they can be commonplace *nix operations)

My list:

1. Logical Volume Manager: resizing an existing file system without the need for a restore. I have a USB hard drive for backing up my laptop. I'd originally "partitioned" it using LVM into two logical volumes that were each 50% of the total space. But I no longer needed the split and actually needed more space within one file system. So, I deleted the 'workstation' logical volume (kind of like a partition only WAY better for you non-*nix folks) that I didn't need anymore to free up space. Then I used 'lvextend' to grow the 'laptop' logical volume to include the newly freed up space. Then I used 'resize_reiserfs' to allow the existing file system in 'laptop' to become aware of and use the newly added space. Then I re-mounted /dev/backup/laptop and instead of 55 gigs, it was now 110 gigs.

2. Network Block Devices: exporting a DVD drive (not a share) from one system over the network so that it appears to be installed on another system. I've written a lot about this here and there on Slashdot as well as made a journal entry about it. Basically, by utilizing the network block device support in the Linux kernel and the 'nbd-server' and 'nbd-client' userspace apps, I was able to allow my Linux based media center to play back DVDs from my laptop's drive over WiFi (802.11g). I've also exported partitions, raw hard drives and logical volumes using NBD to remote systems. If you do this right, you can essentially make a "poor man's" SAN with a separate network for storage (which is why I have two cat 5e drops per location throughout the house)

3. Xine broadcast: Streaming DirecTV from my media center to any other PC or laptop in the house. By starting the 'xine' media player with the --broadcast-port=5555 option, other xine players on the network can use 'xine slave://ip_address:5555' to play back whatever is being played on the media center. My DirecTV playback consists of: 'cat /dev/video0 | xine --broadcast-port=5555 stdin:/'.

4. Enlightened Sound Daemon (ESD): Utilizing the sound output on one machine for playback from another system over the network. Sure, Remote Desktop in Windows can do it, but not with the same level of flexibility. And, personally I think ESD sucks! I'm far more interested in Pulseaudio since it sounds MUCH more flexible than ESD and more robust. But that's an aside. Here's how I've used ESD to do something that you can't do on other platforms. My media center hardware is actually in the basement and the monitor and speakers are in the living room. The family laptop sits on the coffee table next to the couch. Since I have a toddler and don't want to wake her up while watching TV or movies, I set up a system where a double click on a media file gives me normal audio playback over the speakers. But what about headphones? The box is in the basement and an extension cable would be a bit much. So... in comes ESD. I set up Gnome so that a right click on the media file allows me to run my 'videoplay' script from a symlink called 'rvideoplay'. Within the script, the $0 argument is checked and if it is 'rvideoplay' instead of 'videoplay', then it runs an extra function within the script that launches an 'esd' server on the laptop and then has 'xine' run with an ESPEAKER variable that matches the laptop's IP and the esd TCP port number. So the sound plays over the laptop, which is where I plug the headphones in. So I can watch movies or TV with headphones on my large screen without bothering anyone in the house!

5. Old Hardware with Modern Software: The life of my PC hardware stays relevant MUCH longer than it would with Windows. I have a home server that is approaching ten years. It would never run Vista and could barely run XP Pro. But I can still run the latest apps on it from my chosen Linux distro with decent speed. It's a dual pentium II 450 MHz with 768 megs of RAM and an Nvidia GeForce 2 AGP card. (Yeah, it's THAT old clunker that I've been going on about for years here) It's running the latest Firefox, Thunderbird, Openoffice. I could probably even coax it to run Compiz if I wanted. There'd be no way to get IE7, or any of the latest MS Office stuff to run on it. And Aero Glass? Fuggitaboutit!

6. Xen: Hypervisor based full virtualization and paravirtualization. While you can virtualize on other platforms and Parallels introduced hypervisor full virtualization on the Mac when Apple went to x86, Linux was first on the scene with it via VMWare ESX. As far as I'm aware, when it comes to systems that the average person has at home, only Linux and some BSDs offer paravirtualization in Xen on that kind of hardware. I started about three years ago with paravirtualized Linux on top of Fedora Core 3. Just last year I made the move to an AMD 64 box to take advantage of Xen's hardware assisted full virtualization. So I have one box running nearly eight VMs that take the place of multiple systems right now. Not only that, but it's a desktop class machine from HP that I bought at Best Buy for about $800 and added RAM to. This kind of functionality is available to anyone who wants to spend the time to set it up and take advantage of it. It's the one place where I'm running Windows in my home. On a virtual machine...

7. Private VoIP over a darknet. Using a combination of OpenVPN to establish private networks between some of my friends and family, as well as the Asterisk PBX (running in a VM on the AMD 64) and some SIP softphones... I've established a private VoIP network that allows us to all communicate free of charge and with no eavesdropping (unless someone's really interested enough to snag all the encrypted packets and use huge machines to try and decrypt them ;) While this might be doable on other platforms, it's not been doable until relatively recently. It's been available a lot longer on the *nix side.

8. Rio Karma Digital Music Player: Using the USB interface on the player and Linux's ability to mount the device, I've been able to load up music from home while at work over a VPN connection with reasonable speed (thanks to the DSL line). My Karma thinks it's getting music from the local workstation, but it's coming via 'scp' from the file server at home over a VPN tunnel.

9. SSH: Tunneling VNC (bound to 127.0.0.1 so that no one can reach it via the WiFi without tunneling) and ESD traffic via WiFi to further obscure the data that traverses the WiFi (on top of the WEP encryption).

10. 'rsync' + ssh + vpn + crontab = remote backups that are easy as hell and free. I have a server at my parents' house with plenty of disk space on it. Every fifteen minutes, it checks to see if there are new photos on my server at my house. If there are, it sucks them down so I have "offsite backup".

What about you? I also invite those who use other platforms to pull off their own Top 10 cool things that they can do that can't be done on *nix. Or... conversely, Top ten cool things I CAN'T do on *nix. Should be interesting.


Journal Journal: Why I Love *nix 7

Because I have much more control and flexibility where electronic devices are concerned. Case in point:

1. A friend has a DVD that I'm interested in watching. So I rip it on his computer (Linux box) to an image using 'dd'
2. I have my Rio Karma with me and it has 17 gigs of free space. So I use the 'split' command to break the ~8 gig image into 7 files no larger than 1 gig and then save it to the Karma's "Taxi" file space.
3. I bring the Karma home intending to copy the files to my Linux based media center. It's in the basement (where it should be instead of looking ugly in the living room) and I'd rather not take the Karma down there. So...
4. I hook it up to my laptop and mount the Karma. The laptop only has 4 gigs free so I use 'cat' in combination with ssh to concatenate all the split files back into the single image over the WiFi onto the media center's HD.
5. I use 'xine dvd://movie.dvd' to play back the image as if it were the real DVD. Full menus and everything. :)

Can't do that anywhere else but *nix. Hence the love...


Journal Journal: You Deserve Some Lovin' Today...

Finally. A "love machine" that is fit for the average Slashdot reader. Nay... the average Web user! I give you the (NSFW as if you had to ask) love lump. And it predates Fergie!!


Journal Journal: Watch this Space... 2

(Damn. It's been almost two months since my last Journal. I've been TOO busy.)

My "vacation" from my job is over which means I should hopefully have a little more time to post again. What did I do on my "vacation": one month of hard, solid work in the attic in 90+ F heat. My body aches everywhere and that attic still isn't done. What is done: floor has been fixed, cat 5e for gig ethernet on second and third floors is in place with four drops per room, the entire house is insulated, the sealed off crawl spaces have been converted to storage with nice custom built (by me) insulated doors, a low ledge around the stairwell has been built up to three feet to be a bit safer than the original eighteen inches, removed the old nasty in wall gas heater and converted the exhaust port into a portable air conditioner vent, baseboards were removed for stripping in the garage to prevent lead paint dust from getting all over the place, just started patching and skim coating in order to get ready to prime and paint... I'm hoping to have the attic done by late Fall early Winter with only one day a week to work on it now.

Here at work, I've got lots in store for me. Plus I've decided to start taking on speaking engagements to evangelize free/open virtualization technologies to non-profits. So it'll be busy, but "good busy".


Journal Journal: PING! Still Busy... 1

I haven't abandoned Slashdot for Multiply. There are still too many things I prefer about Slashdot over Multiply. I've just been way too busy at home and at work to post much of anything. The latest is that my MIDI keyboard of 21 years finally died. So I had to get a new one, which wound up being the Yamaha MM6 over the weekend. It's pretty decent. Not a total replacement for the Ensoniq Mirage, but it will hold me over until I can afford something better. Since I was keyboardless for a week and a half I turned my eyes to (repost from Multiply follows): ..polishing up my Photoshop skills. In GIMP, of course. ;P

So I've gone back to learning more about layer masks and channels. I found a few Photoshop tutorials and it's apparent to me now that if you really know the underlying concepts, it's not hard at all to duplicate the same kind of work in GIMP for most of the basic stuff. Photoshop has changed a lot, so I know there are some things beyond the well known professional print support that it can do that GIMP can't do in quite the same way. But this isn't meant to be a GIMP vs. Photoshop post so enough with that.

What I'm asking any of you Photoshop users out there:

Q. How do you edit a photo to remove stray hairs without making the subject's head look weird?

I'm hoping you can fill in the A. part of this. After some experimentation last night and a little perusing of Photoshop tutorials on-line, here's what I did:

I followed one tutorial's suggestion to go to the channels and look at each one individually for the channel that has the most contrast between the fly away hairs and the background. Once you find it, you duplicate it. You use the levels and other color correction tools to adjust the contrast to get the edges as well defined as you want them. Then the painstaking part is where you use a mix of the lasso, fill, paint and erase tools to basically create a "mask". Hard black for the subject and white for the areas you want to cut out. You might need to re-adjust levels several times after you paint in/out the areas you do or don't want. Once you have just the silhouette of your subject, you can set the channel copy to a selection, then use that selection to delete (or fill depending on your goal) a layer mask in the layers palette. I'd recommend using the feather command to soften your selection otherwise you end up with nasty jaggies that make the cut out object look very amateurish. It "sorta worked" for me. But it's still not quite right. So I'm wondering if any of you Photoshop pros out there have any suggestions as to what you do. (I'm specifically avoiding any mask plug-ins since I'm in GIMP and there is no such animal! :)

Anyone else doing this kind of thing in GIMP? If not, WHY (outside of professional print needs)? It's completely possible.


Journal Journal: RELIGION: If You Believe This... 3

...you need serious help. Having grown up in a mixed Catholic/fundamentalist Christian home, I'm glad I escaped the lunacy that is modern fundamentalism (as well as the odious counterpart called Catholicism). Are there ANY religious people with common sense? Yes. I suspect there are. And if they exist, I suspect they find the site linked above both disturbing and darkly humorous. Unfortunately, those who believe in the notions that the site above espouses are also being armed to vote in 2008. We must stop them at all costs. They have no right to participate in the election unless they have two feet planted firmly on the ground and aren't dreaming of mansions in heaven.

Disclaimer: If you're religious and take offense to my JE, you might want to analyze why you take it so seriously. The Bible is only slightly historical and definitely not to be taken literally. Especially where future events are concerned. Because if you do take it literally and that seriously, then there is little difference between you and a follower of the writings of Nostradamus.


Journal Journal: AMERICA: Endangering the Lives of Our Daughters 11

Thank you very much Justice Kennedy for taking the first step towards potentially endangering the lives of many young women, my daughter included, by upholding a federal ban on partial birth abortion (pba). Yes, pba is grotesque. Yes, it's a traumatic experience for the woman who may need to undergo it. But is it any more grotesque than what we do to innocent Iraqis? Is it any more traumatic than what our soldiers go through when they know they have to kill more innocent people, when they may not want to be in Iraq anymore? No. However, thanks to your swift thinking, you've now accomplished multiple goals. I can't credit you though. You're merely a simple pawn in what I guarantee will eventually become a real full blown war in America if your side doesn't change course.

Hey! Democrats!!! Look you gutless wonders... The Republicans just went nuclear for 2008! They have you checked and mated. You're fucked. Game over. 2008 is going to be the election that surrounds the issue of abortion. The Republicans are going to make it that. They know that their lunatic fringe voters will outnumber the pro-choice voters since most of America is too stupid to even think deeply about this. So if any of you run as being pro-choice, you're committing political suicide. And if you don't, then you risk not getting the support of one of your strongest bases: women. The same goes for ANY presidential candidate on the left with a history of supporting pro-choice. If you have any spine left in you, you NEED to find a way to simultaneously support choice and keep it OUT of the discussion for the 2008 presidential election. Sounds pretty impossible to me.

WARNING: Graphic stuff below. Skip this if you don't want to read my views on sex. You have been warned.

On a personal note, since I have a daughter who will likely be affected by any future rulings against her own choices, I have every right to be even angrier than before. I'm going to say this to be completely clear... I believe in sex for pleasure. Pure pleasure. 99% free of the worries of pregnancy. That's the world my wife and I grew up in. I've been "screwing" happily since my mid teens. I want my daughter to enjoy that same privilege when she's ready too. Be that age 15, 17, or 21. But I want her to be able to enjoy it without having to worry that IF she gets pregnant, that she has to screw up the rest of her life by raising a child when she's NOT ready to do that. This is the simple and basic truth. We're ready to have sex and enjoy it, in many cases, long before we're ever ready to actually be parents. I spent over half my life having sex for pleasure and will continue to do so until I die. That is EVERY person's "right to life". And I sure as hell wasn't ready to be a parent until my mid thirties at the earliest. It looks like the kid's college fund may be redirected to the kid's escape fund from this shit hole of a country. Fuck you justice Kennedy. And fuck ANYONE who thinks this is a good move.
