Friday, September 29, 2006

SAK, ctrl-alt-del, and Linux keyboard mapping

A common problem with Linux systems is when Windows users press CTRL-ALT-DEL at the login prompt and reboot the machine.

To fix this some people change the ^ca line in /etc/inittab to just disable the reboot function. However this is not desirable because sometimes you want to reboot a machine with a simple keypress.

Another problem that has not been widely considered is the use of fake login prompts by attackers. This can be implemented in either text mode or graphics mode. All the fake login prompt has to do is display something that looks like a real login prompt, accept a user-name and password, verify the password (a localhost ssh connection is a good way of doing this) and then abort. In the case of a text-mode login the user will think that they entered the wrong password, in the case of a GUI login via an XDM program the user will think that the login program just crashed. Then the attacker has access to their account.

The solution to the fake-login problem is the use of the Secure Attention Keyboard (SAK) feature. When invoked this feature makes the kernel kill all processes that are on the virtual console in question. If you make CTRL-ALT-DEL the SAK combination then pressing those keys will cause the kernel to kill any processes that are attached to the current virtual console and preventing the ability of hostile programs to forge a login prompt (which is the same as it's purpose in Windows).

The next thing to do is to make another combination used for system boot. A reasonable combination seems to be CTRL-ALT-BREAK as those keys are widely separated and the combination is not used for anything else.

If you put the following in a file named (or whatever you want to call it) then the command loadkeys will apply the change. Note that when creating a keyboard map you should do it on a machine for which you don't mind being forced to perform a hardware reboot. It's easy to make a mistake and give yourself a keyboard mapping that is not usable. Another possibility is to do such testing on a machine that allows ssh logins, you can then login via ssh and run loadkeys -d to correct any errors you might make.

control alt keycode 119 = Boot
control alt keycode 83 = SAK
control alt keycode 111 = SAK
control altgr keycode 119 = Boot
control altgr keycode 83 = SAK
control altgr keycode 111 = SAK

Note that the above covers both ALT and ALT-Gr keys as well as the numeric keypad and regular versions of the delete key.

dumpkeys -l gives you a list of all possible keyboard combinations. showkey will display the number matching any key you press and will exit after 10 seconds of inactivity.

Wednesday, September 27, 2006

tcpdump and ps

Today I was doing some network tracing and figured out how to track the start and end of TCP connections. The following tcpdump command will get all SYN, FIN, and RST packets on port 80 and all ICMP packets:

tcpdump -i bond0 -n "port 80 and tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0 or icmp"

Also recently I was tracking down some minor security issues related to programs that call setuid() to drop privs but never call setgid() and therefore always run with GID==0 which gives them a lot of access to the system. The following ps command gives the real, effective, saved, and filesystem UIDs and GIDs mapped to names. Note that with some versions of ps different fields have different truncation lengths.

ps -eo pid,user,euser,suser,fuser,group,egroup,sgroup,fgroup,comm

The next thing I have to do is to patch PS to show the supplementary groups.

Monday, September 25, 2006

Ethernet bonding

Bonding is one of the terms used to describe multiple Ethernet cables used to form a single virtual network link. This can be done for performance or reliability.

Bonding for performance used to be common when 100baseT was the fastest network technology that was commonly available. In 1999 servers could usually sustain considerably more than 10MB/s so a single 100baseT network interface was a performance bottleneck. At that time I worked with Cisco switches and Solaris machines that had up to four 100baseT links bonded for performance.

Nowadays Gigabit Ethernet is commonly available, most laptops have Gigabit Ethernet on the motherboard. Gigabit PCI cards are as cheap as $35, and Gigabit switches can be purchased for as little as $139. Server hardware is a little more expensive, but it's still quite cheap and commonly available.

Most people don't need more than Gigabit speed, in fact most systems can not saturate a Gigabit link due to poor application design, a slow operating system, or slow disks used to provide the data. So at this time there is little speed for bonded Gigabit networking for performance.

There is still the issue of reliability. Often you want to have two ethernet cards and cables configured so that if one breaks the network won't go down.

One annoying thing about bonding in Linux (in 2.6.x kernels) is that the module has to be loaded separately for each bond interface, and the parameters for an interface can't be changed without unloading and loading the driver (very painful if you log in to the machine via ssh over the bonded interface to do sys-admin work).

The parameters I have in /etc/modprobe.conf for bonding are:

alias bond0 bonding
options bond0 mode=1 arp_interval=500 arp_ip_target=

This means that if there is no traffic on the link then every 500ms an ARP request will be sent for the address (I used the address of my router but substituted a different value for this blog entry). An ARP request for a machine on the local LAN is a request that will always be satisfied if the machine in question and the network link are working.

The idea is that you have two switches and every computer that matters has two ethernet ports. If one port stops working (broken Ethernet card, cable, or router) then the other takes over.

The special file /proc/net/bonding/bond0 can be used to view the current configuration of the bond0 device.

Below are sample configuration files for Fedora and Red Hat Enterprise Linux to configure bonding:

# GATEWAY should be the IP address to ARP ping



Note that there is nothing preventing you from having more than two devices bonded together for reliability, but I doubt that you really need that.


At there are a heap of quotes from Debian people, and more than a few from me. It's strange reading my own writing in someone else's quote file. Some things seem so removed from context that there is little point to them. For some things I couldn't even remember writing them and had to ask google. There were some things which seemed wrong, but google showed list aschives proving the quote file to be correct.

Also when googling my quotes I found that I had written an amusing and apparently quotable flame to someone who was far from the top of the list of deserving recipients of flames.

For anyone who reads the quotes, the Double Woody refers to Balvenie Double-Wood Scotch whisky. When Debian Woody was first released I would regularly bring a bottle of the Double Wood to Debian meetings.

Sunday, September 24, 2006

RSS feed size and Planet

For fun I just set up my own Planet. Reading both Planet Debian and Planet Linux Australia is a bit of a drag due to the overlap. So I wrote a little Perl script to extract the feeds from both those sources and generate a Planet configuration. My planet is publicly available in case anyone is interested. Also you will notice that I have a formatting problem on my planet, if anyone has some advice on planet templates (I'm using the Debian package) then please let me know.

While playing with Planet I noticed that my blog has one of the largest file sizes of all the blogs from Planet Debian and Planet Linux Australia. That would be partly due to writing blog entries of moderate size and trying to maintain an average of one post per day. But also I imagine that it woul d be partly due to the blogger configuration.

I changed my main blog page from 14 days to 7 days (which took the index.html size from 80K down to 40K). But strangely I can't seem to change the number of days that are to be kept in the RSS feed file which remains at about 80K.

It seems to me that the feed mechanism is badly designed in this regard. A more efficient mechanism would be to send an XML file that describes the other blog entries, which could then be downloaded IFF they meet the criteria that are desired by the syndication software (and IFF they have not already been downloaded). If the web server and the syndication program are correctly configured then the requests could be chained on the same TCP connection for no loss of performance under any situation when compared to the way things currently work.

Also as many (most?) RSS and ATOM feed files are generated from a database it might be difficult to preserve the creation time, and thus I expect that most web caching is also broken. I haven't verified this though.

Also it would be handy if there was a mechanism for syndication programs to request notification of changes and for a blog server to push content to a syndication server. I have Planet running every 6 hours, some of the blogs I read are updated once per week, apparently my Planet server does 28 downloads of the entire XML file for every change. This might not sound so bad, but there are planets which run every hour and would therefore have 168 downloads per week.

Please let me know if you have any ideas of how to alleviate these problems, or if there are already solutions of which I am not aware.

Friday, September 22, 2006

Supersize Me

I recently watched the movie Super Size Me. Due to working some strange hours I've been eating more fast-food than usual recently and had experienced some of the symptoms that were featured in that movie.

So now I have decided to improve my diet. From now on I will go hungry rather than eating from McDonalds, KFC, and other bad food except in the rare situation that it's free (recently they had a free pizza day for my 9-5 contract). Recently I have often been having chicken rolls or stir-fried noodles for lunch (one of those two every working day), now I'm going to only have those meals rarely and have Japanese food most days (Japanese food that is half-decent is much healthier than most restaurant food). I will only drink Coke when I'm tired and I'm working on something that's not exciting enough to keep me awake without help.

Super Size Me also made reference to the academic results of children improving when their diet was improved. Based on this evidence it seems obvious to me that coding ability will also be partly dependent on diet. I expect that many people who read my blog have already proved that they can write good code while living on the worst food, but maybe they could write great code if they had better food!

From now on I will not take part in any LUG meeting that involves fast food. I think that for the good of the community we need to discourage people from actions that would impair their coding ability.

Before anyone asks, I don't plan to cease drinking alcohol. Although in recent times I have been drinking such small amounts that it's unlikely to cause any health problems.

Thursday, September 21, 2006

more on vision

I had a few comments on my last so I decided to write a new post about it.

Firstly in regard to Elspeth's comment. I agree that children should wear glasses if necessary. That part of my entry was not clear, I was trying to make the point that I can understand children not wanting to wear glasses because they think it's uncool. But adults should make decisions on more important things such as what is best for their eyes. There are real reasons for needing eye surgery, if without glasses your vision is so bad that you are legally blind then an ophthalmologist may recommend surgery for that. In cases of extreme vision problems apparently a combination of surgery and glasses is required for good results. I also think it makes sense for people who need surgery for their work, for example athletes such as Tiger Woods. Looking cool is not a real reason for surgery, especially not for the small increment of coolness that some people believe is associated with not wearing glasses.

All operations involve some risk. Risk to your vision is not worth a small amount of convenience and possibly looking cool. Besides, it's widely regarded that people with glasses are more intelligent! ;)

Shintaro mentioned that there is a risk of retinal damage from being short-sighted. What I want to know is whether the risk of that can be alleviated if you wear glasses all the time? If you wear your glasses everywhere except in bed, in the shower, and in the sento, does that stop this problem? Maybe I should try and wear my glasses for more than the ~15 hours a day that I currently do.

Finally an anonymous poster noted that they didn't know anyone else who had an optical migraine. My ophthalmologist mentioned that it's rare to have a migraine that only affects the vision and nothing else. I feel fortunate to have it like that, the list of other migraine symptoms sounds very unpleasant. Of course only having had it once I can't be sure that next time it will be the same. I might get the nasty symptoms next time. :(

However one problem with what I experienced is that it came on suddenly with no warning. It would be very unpleasant to suddenly lose central vision while driving (I would have to hope that the ability to react to objects without consciously noticing them works well). Fortunately I have only been driving about 300K per month in recent years and I can probably reduce this. So the chance of it happening while driving is quite small.

Wednesday, September 20, 2006


At the start of the year I suffered a minor injury to my left eye. This brought my vision down to slightly below average for my age. A doctor and an ophthalmologist both thought that my vision was good enough at this level and that I don't need glasses. But the ability to use a small font means that I can have more text on screen and thus do my work more effectively. Since about March I have worn glasses all the time. Regardless of what the experts say I want to have good vision all the time and there is a significant difference between my vision while wearing glasses and that without.

It's often recommended that people get their eyes tested about every 2 years from when they are in their late 20's and also get a test done a few months after any eye injury. I strongly support such recommendations for anyone who works in the computer industry. Even if your vision is slightly less than it could be it will make a difference to your work. I have not found glasses to cause me any inconvenience, I'm sure that it would be bad for children to wear glasses but for adults the only potential issue is when playing sport (which is less demanding on your vision than reading an 8 point font on a typical monitor). I am constantly amazed by TV and radio adverts which say "do you wear glasses, if so then you must have considered LASER eye surgery". Glasses are fine (IMHO) and I will not consider having a LASER or other dangerous object pointed at my eyes unless I am in danger of death or blindness!

The testing apparatus that an optometrist uses is interesting to inspect if you like machines. It is a device with a huge selection of levers for inserting different lenses in front of your eyes until they discover the combination that gives you the best vision. If you get your eyes tested make sure you get the optometrist to explain everything, you can learn many interesting things.

Recently, I have had a further eye problem. Recently my central vision went blurry with a shimmering affect for about 40 minutes, but the peripheral vision was OK. An ophthalmologist diagnosed this as a migraine, apparently I got a very mild one with only a minor visual affect but no headache etc. One thing that is apparently possible when experiencing migraine related vision impairments is the ability to act on visual information without consciously knowing it (EG catch a ball without seeing it).

A migraine is a better diagnosis than I had feared. The movie Super Size Me (the topic of tomorrow's blog entry) contains an interview with a main who describes a diabetic vision problem that sounded similar to mine. Migraines don't cause permanent problems while diabetes can, and diabetes requires lots of unpleasant blood tests and injections.

Apparently migraines are often triggered by physical events or food items. If you suffer one then it's recommended that you write down as much information as possible about the previous 24 hours to help track down the cause. If you experience something similar to what I describe then do not take this blog entry as medical advice, instead rely on a doctor and whichever specialist they refer you to. But do write down everything that happened prior to the medical problem (keeping an accurate diary can't do any harm).

The Wikipedia entry on Migraines has a lot more interesting information, but don't take it as medical advice either. One particularly interesting thing in the Wikipedia article is the note that migraines may be caused by not having suitable glasses, or prevented by wearing special glasses.

Tuesday, September 19, 2006

War On Terror - the game

TerrorBullGames has just released the board game War On Terror. The first I heard of this was a short article in a local news paper about how much the game has offended some people (quoting someone who was injured in the London bombings). A co-creator of the game Andy Thompkins said "We accept that some people think this is in poor taste and may see it as puerile. But we would say that launching an illegal war on Iraq is in poor taste".

It's not as if profiting from terrorism is anything new. Governments in Australia, the UK, and the US have profited from it at the ballot box and also used it to stifle opposition parties to get unpopular legislation approved. An example of this is the attempts of the Bush regeime to legalise torture, see the Washington Post and The Age (Australia).

Shortly after 9-11 almost every computer company that had anything to do with backups or disaster-recovery was advertising heavily. Oil companies have done particularly well with high prices, they would have done even better if the plans for Iraq had succeeded.

TerrorBullGames appears to have an aim to draw attention to the lies of politicians, which makes them better than everyone else who has profited from 9-11. Maybe if they draw enough attention to the bad things that our governments are doing they can influence the results of elections, and we can get governments that don't promote terrorism.

Here's a review of the game.

Monday, September 18, 2006

siteminder - what you expect from CA

Recently I've been unfortunate enough to be the sys-admin of some systems running CA software, the specific horror in this case is Siteminder.

The latest excitement was when an important machine stopped working abruptly and gave the error "ff ff ff ff" in the Apache error log. I have been familiar with the error message "ff ff ff" which means that the Siteminder policy server can not be contacted. But it took me a while to discover a message in the policy server logs indicating that a client was connecting to it with an invalid shared secret. It seems that the policy server had suddenly changed it's shared secret for no reason I could determine.

A google search for this issue turned up a single blog entry about it, which reports the "ff ff ff ff" error message as appearing in the case where the "ff ff ff" error occurs on the machines I run. Maybe I'm running a newer version, or maybe drax0r wrote the wrong error message by mistake. My colleagues have seen the error message "ff ff", we are still unsure of what that means.

For people who haven't used Siteminder I'll briefly describe how it works. There is a 2MB Apache module (larger than httpd and all the modules shipped in the RHEL package) that implements the access control and content management (compiled with -g, presumably because it will SEGV if compiled with -O2). This module spawns a daemon from Apache. Unfortunately the daemon code drops the root UID but does not drop the root GID (fun for security), I wrote a patch to the runuser program that can be used to address this by changing GID before running Apache. Then all communication between Apache and the policy server goes via the daemon process via sys-v IPC. Of course if the daemon crashes then the IPC resources are not freed and then it won't restart unless the system is rebooted or the semaphores are manually removed.

Sunday, September 17, 2006

why I joined the Australian Greens

In 2004 I was browsing the web sites of the various political parties to see how they met my needs. The only party that stood out was the Greens. The reason for this is that they had some material on their web site that was positive towards free software and made mention of helping members install Linux (apparently they ran some sort of Linux install-fest for their members).

Earlier this year when I offered to burn copies of Fedora Core 5 for anyone who wants it, one person who accepted was Matthew Wright of the Victorian Greens. As I was in the area I dropped the CDs in to the Greens office. It seems that the principles of the Green party agree with my beliefs in almost all areas.

The Greens Charter has many points that might surprise some people, the majority of the points in the charter do not directly relate to the environment. Many people join the Greens without having the environment as a key issue, the issues of social justice, non-violence, and free flow of information attract many people. The Greens IT policy has attracted quite a number of people in the Linux community!

Also it should be noted that concern for the environment does not require that you like the environment! If you want to spend all your life inside a building in front of a computer then you still want good quality food and an absence of natural disasters. The environment is bigger than us, we depend on it, and we don't understand much about it. The fact that different experts give differing opinions about the scope of the global-warming problem is not a reason for complacency, in fact it's the opposite - it's a reason to be cautious about things we don't understand that can kill us!

The Green parties in other countries are all independent (while still loosely associated as part of the international Green movement). So there will be some differences in the policies of the Green parties in different countries. But I expect that there will be a lot in common.

A final positive thing about the Green party is the integrity of the people in the party. Unlike most politicians you can expect the Green senators to do what they promise to do and to vote according to party policy.

Saturday, September 16, 2006

the next feature for a spy movie

I have noticed that motion sensors on burglar alarms don't detect small movements. Presumably they are also less effective at detecting small objects that move (otherwise they couldn't be used if there were mice).

For an adult to move slowly enough to avoid detection by the typical cheap burglar alarms is quite difficult, and probably almost impossible to do reliably. For a small machine to move slowly enough that it's combination of size and speed doesn't get detected would be much easier.

So it should be possible to design a burglary robot that can open doors and crawl across the floor slowly enough that the alarms are not tripped. Such a robot could step over laser beams (which you always have in movies) much more easily than Catherine Zeta-Jones and then crawl up the wall to the motion sensor and disable it.

In a movie such a robot would probably be autonomous, but for constructing one in real-life 802.11 control would be the way to go.

If someone from Hollywood is reading my blog, please feel free to offer me an obscene amount of money for this idea. ;)

Friday, September 15, 2006

sendmail - the MTA for insecure systems

Sendmail is the most prevalent Unix MTA. It is the oldest MTA and is still one of the most powerful ones that are available. However it has never been known for being secure.

Most of it's bad reputation comes from regularly having serious security holes. The above URL has the most recent one. Neither Qmail nor Postfix has had a serious security issue. Dan and Wietse appear to have aggressively audited each other's code in an attempt to find such a hole without success.

Sendmail was initially designed with a single process running as root which does everything. Any bug in that program and you lose. In recent times you have two processes, one of which doesn't run as root. This alleviates the problem but doesn't compare to the 10+ programs that may be run for different tasks on a Postfix or Qmail system, of which only two will have root access (the local delivery process and the master controlling process).

Another part of the Sendmail problem is the crufty old code. Exim has a similar design to Sendmail in terms of process duties, but has a much better security history due to being written more recently.

On many occasions over the last ~8 years I have had debates with Sendmail advocates regarding the security issues. The Sendmail advocates have consistently claimed that all the bugs are fixed now and Sendmail is only attacked because it's popular. Given the track record it seems that it's a bad idea to claim that the security flaws have all been fixed.

In regard to the popularity issue we have to keep in mind that fact that Windows has a much larger user-base than Linux. Any argument that you might make in favor of Sendmail over Postfix in terms of security flaws being a function of popularity is an argument in favor of Windows over Linux. I find it particularly amusing when BSD users claim that Sendmail only gets cracked because it's popular. What does that say about the security of BSD given that BSD is much less popular than Linux?

On many occasions people have pointed out to me that you can run Sendmail as non-root. Almost 10 years ago I wrote a web page describing how to do this. Doing that has always been a hack, although it should work reasonably well for a machine that only runs Sendmail as an outbound relay.

Sendmail was a nice MTA in the early 90's. But it's time has passed. Let's all upgrade to mail server software that doesn't require regular security updates. Sendmail and Exchange belong in a software museum, not on the net.

mailing list culture

There is currently a big debate in progress in Debian. I am not going to mention any specifics because too much of it has already been blogged (maybe in the same syndication in which you read my blog).

I think that the way things are going is more an illustration of the failings of mailing list culture than of failings of Debian. Maybe another mechanism would be more productive in leading towards a solution.

One option that occurred to me is debate via wiki. If each side had a wiki page that they could modify then in a small amount of time we should get a set of two main consensus opinions which would each be explained clearly and summarised well. Then with two options clearly expressed the people who have less strong opinions could decide which option they favor. For this to be a quick solution honorable behaviour would be required from all people involved, if people start trying to sabotage the other group's wiki entries then it would significantly increase the time taken to achieve things.

Another possibility that occurred to me is debate via blog. The quality of blog postings is expected to be a lot higher than that of mailing list discussions as all posts are tied to the author's public image. Writing content-free messages on a mailing list is easy, but every blog entry needs to stand on it's own to a certain extent and anyone who writes flames in most of their blog entries will probably find that the readers like it less than the readers of a typical mailing list.

Maybe when an issue is recognised as highly contentious a few people could blog about it and then form groups to develop wikis to promote their views. A debate might start out with five or more different competing views, some of them would merge until there were only two main opinions being pushed. Then once the two remaining groups had sorted out their positions a vote would be easier to arrange.

What do you think?

Wednesday, September 13, 2006

IT companies and toxic waste

Greenpeace has an interesting article about how IT companies rank in toxic waste problems.

Dell rates quite well, I feel happier about my recent purchase of a large Dell TFT monitor now. HP does reasonably well, that's fortunate as the Green party in Victoria has recently purchased a HP server. But next time we discuss such things I will suggest that more consideration be given to Dell servers because of this issue.

Lenovo does really badly, I'm surprised because I would have expected IBM to do reasonably well and I didn't think that Lenovo would make significant changes. From now on I will refrain from purchasing Lenovo products. I will still purchase second-hand IBM products, but nothing under the Lenovo brand until they clean up their act.

Also it's worth noting that computers manufactured with toxic chemicals will outgas some of the chemicals into the local environment (IE your server room, bedroom, or wherever else you have computers). Avoiding the computers manufactured with toxic chemicals is not only good for the environment, but also good for your health!

Tuesday, September 12, 2006

blogging software

Previously I asked for advice about running an Intranet blog, and running an Internet blog with hosting for friends.

In response to the question about running a small Intranet blog the recommendations were strongly for Wordpress, with a mention of Ikiwiki as well. One of the features that I consider desirable is for software to be reasonably popular which means that support is often easier to obtain. So Wordpress is my main candidate at this time for Intranet use. I'll install Wordpress and probably won't try anything else unless Wordpress fails in some significant way (which seems unlikely).

In response to my question about a blog server for serious blogging again Wordpress was well recommended. There is also a version of Wordpress in beta called Wordpress MU that supports blog server operations such as Although I didn't mention it before I have had some ideas of starting my own server along such lines so Wordpress again does well.

Over the next few weeks I will start playing with Wordpress and Wordpress MU. If things go well I'll move my blog away from blogspot and to a domain I own in the near future.

Monday, September 11, 2006

C - the suit and tie of programming

I was watching some music videos recently and was amazed by how badly dressed most performers were by today's standards. As far as I can recall the only musician from the 80's who still looks good in their videos is Robert Palmer, a suit and tie doesn't go out of fashion.

I started thinking about what the computer equivalent to the suit and tie is. It's something that never goes out of fashion and that is generally used for work. I came to the conclusion that C is the best fit. Think of languages such as VB and the .Net environment as being skivvies and high-waisted jeans.

C is not a perfect language, it is often difficult to manage text in C and LDAP programming is particularly painful (compared to Perl where it's trivial). But then it's quite inconvenient to wear a suit sometimes, you can sit on grass while wearing jeans but not in a suit.

Pictures of you wearing a suit will not look daggy by the standards of next decade, and C code that you write now will be better regarded than VB or whatever other fad language might be used.

Sunday, September 10, 2006

what's a good blog server for serious blogging?

I'm getting sick of blogger. The main thing is that I'm simply not a user. Taking what someone else gives me and just putting up with any failings doesn't suit me at all. I can deal with bugs in things I control (such as Linux distributions) because I can fix the bugs I consider important at any time.

So now I'm looking for a serious blogging program. Wordpress was strongly recommended to me after my previous post on the topic of blogs, but that was in regard to a simple blog program for Intranet use. I am now after a blog program that is designed for Internet use, it must have good security, support multiple users (some of my friends will probably want to use my blog server machine), and not be overly difficult to customise (I am resigned to the fact that I will have to learn another programming language - probably re-learning PHP or Java as that is where web programming is at nowadays).

One thing that I want to do is to have the main web page that displays all recent posts display each post in a frame with a separate Adsense section. The topics of my posts vary a lot so I want to have adverts that match.

Another feature I want is to have multiple RSS feeds with different settings. One use for this is to have tags for each post to specify which channel(s) the post will end up on, another is for Adsense for feeds functionality which I want on for some feeds but off for others. I also want to generate multiple feeds for different syndication services. Ideally a syndication service such as Planet Debian or Planet Linux Australia would use a unique feed for sucking it's own data and also have a unique feed address advertised on it's site for the users (if this isn't supported or desired at the syndication level then I can do tricks in the web server to serve different content for different IP addresses). That way I can track use by the different services, work around bugs in syndication services that matter to me, and change settings for post summaries, etc to suit the syndication service.

In terms of HTML editing I only need the most basic functionality. I would be entirely happy to write blog entries in raw HTML, my friends would probably desire line breaks to be converted to paragraph or break tags and basic linking functionality, but they could probably deal with entering bold and italic tags themselves (the few of my friends who couldn't manage this would probably only want to write plain-text in paragraphs).

I also want to run my own syndication software. I guess I have to consider blog server and syndication server at the same time as there may be some dependencies (EG having them both written in the same language might be handy - I don't want to re-learn BOTH Java and PHP). The syndication software would ideally automatically collect the feeds from other syndication services that I specify (although I'm sure I could write a simple Perl script to scrape them from the Planet web sites). Then I want to provide an RSS feed of that content for anyone who wants it.

Please let me know via email or comments if you have any suggestions about which software to use.

Saturday, September 09, 2006

SE Linux is like a moat filled with sharks with laser attached head gear

Here's an interesting blog entry comparing SE Linux and AppArmor. It has some amusing comments, one of which I used for the title of this entry.

There are two things I don't like about AppArmor. One is that it doesn't label Inodes but instead bases it's access control on file names. This means that renaming a file may change the access granted to it, and a file with multiple hard links may have different sets of access granted to each name. The hard link problem is a killer, imagine that name A grants execute access to the file and name B grants write access, therefore you have the ability to create an executable file.

The other thing I don't like about AppArmor is that it's goals are low. The current implementation of AppArmor can be compared to the SE Linux targeted policy. The difference is that AppArmor is currently achieving everything that it was designed to do while the targeted policy is intentionally providing less security features to give greater ease of use. There is a well defined transition path from targeted to strict, and from strict to MLS. There is no transition path from the current AppArmor implementation to something better.

Rumor has it that Suse have bought the rights to a MLS system and that they want to get LSPP certification. LSPP certification requires that access control be based on Inodes not file names (IE renaming a file may not change the access that is granted to it). It will be interesting to see how they integrate AppArmor and a MLS system.

Friday, September 08, 2006

communism and ticket "scalping"

In the USSR the government fixed prices on all commodities, how desirable an item was merely determined the length of the queue not the price. Today in the same manner when purchasing tickets for concerts and sporting events the desirability of a ticket determines the length of the queue not the price.

It seems to me that the solution to the "scalping" problem that has recently been described in many newspapers is to have the companies that sell the tickets run a public auction. The current situation is denying fans the option of paying more money to guarantee a ticket, denying the musicians the best payment for their services, and not serving the best interests of anyone except the scalpers!

Internet auctions are easy to setup, ebay even has online store facilities that any merchant can use - it would be easy for any company that is running a concert to sell all the tickets at auction through ebay. People who don't have the ability to access the Internet could pay an agent to bid for them so no-one would be excluded.

A well run ticket auction system would maximise revenue for the company selling the tickets and guarantee that fans can get tickets if they are prepared to pay enough. It would be best for everyone!

Some people with weird communist tendencies (the ones who want to emulate the least effective and useful aspects of the USSR) claim that the current ticket sales system (where all tickets are sold in 10 minutes to whoever queued for the longest time or phoned in at the right moment) allows poor people to purchase tickets at lower prices than an auction might deliver. What they fail to realise is that rich people pay others to queue for them, whether that is by paying scalpers who buy tickets in bulk or by paying one person to sit in a queue for them. There are people who are happy to sit in a queue for a few dollars per hour and people who pay them to stand in line.

Thursday, September 07, 2006

Advice for speakers

I am not an expert at public speaking. Attending Toastmasters to improve my speaking skills is on my todo list. However having given hundreds of talks over the course of about 14 years and being paid for giving talks (the minimum criteria to claim to be a professional speaker) I think I can offer some useful advice, at least in regard to giving talks for free sofware audiences. I will cover some really basic things in this post, so experience speakers will find some of them obvious.

The most important thing of course is to know your topic really well. You can skip every other piece of advice and still do reasonably well at any Linux Users Group meeting if you know your topic well enough. Of course if you want to talk at a conference then taking some of the following advice would be useful.

Record your talk, it is useful to review the recording to learn from mistakes. Don't worry too much about saying "um" or other common speaking mistakes - it takes a lot of practice and effort to avoid such things. When recording your talk record it from the start of the introduction (you never know when the person introducing you will say something particularly flattering ;) until after you have left the podium. It's not uncommon to have question time, to thank the audience for their attention after the questions, and to then have another round of 15 minutes of questions afterwards. The only time when you can confidently stop recording at the scheduled end of your talk is when there's someone scheduled next.

For recording a talk an iRiver is a good device to use. An iRiver will create and play MP3 files, and it's not particularly expensive nowadays. Apparently some of the newer iRivers are polluted by DRM, I haven't verified this myself though.

After your talk review the MP3 you made as soon as possible. You will always find mistakes in such a review, don't be concerned about minor ones (everyone makes small mistakes when on a podium, unless you are famous enough to get media interest a few small slips don't matter). If you make a significant mistake or if you were unable to answer some questions then you can send email or make a blog post about it later. You probably won't remember most of what happens during your talk so your recording is the only way to follow up on questions (if you tell someone in the audience to ask you a hard question via email they won't do it).

Summarise all questions during the Q/A part of the talk. This means that everyone in the audience will know what was asked, and also your recording of the talk will have a copy (usually an iRiver mic doesn't cover the audience).

Before giving a talk learn as much about the audience as possible, and feel free to ask for advice from people who know something about the audience and people who are experts on the topic. The most important thing to learn is the expected skill level of the audience including the range of skills. Often when giving a talk about a technical topic it's impossible to make all people in the audience happy. You will have a choice between making things too simple and boring the most experienced people or explaining the technical details and having the less experienced people be unable to understand. Sometimes due to the combination of topic and audience you will get 10% of the audience walk out regardless of which choice you make. You can't please everyone.

Caffeine can help you stay alert enough for a talk. In email and even in IRC there is time to stop and think. When giving a lecture to an audience answers are expected immediately. In the space of about 5 seconds you want to compose an answer for any question that gets thrown at you or determine that it's something that needs more consideration and has to be answered via email.

One of the problems you face when giving a talk is going through the material too quickly because of being nervous. If you feel that happening to you then drinking some water or your favourite fizzy drink is a socially acceptable way of taking a few seconds to compose yourself. Asking for questions from the audience is another way of getting a talk back on track if you have started going through the material too fast. Also if you are in the audience and observe this happening then try and interject some questions to get things back on track, it doesn't matter what the questions are, ask lame questions if necessary, anything to stop the talk from finishing too soon. I was once in the audience for a talk that was scheduled for 60 minutes and ended up taking about 5, it finished before I could even think of a question to ask. :(

I find that questions help to estimate how well the audience is following the presentation, and I prefer to take questions during my talk. Some people prefer to give a talk to a silent room and then take questions at the end. I think that preferences in that regard are determined by whether your speaking experience is based in universities that strictly enforce a code of conduct for lectures, or whether your speaking experience is based in LUGs where heckling from the audience is common.

Go to the toilet before giving a talk. Speaking for an audience is stressful and you never know when you might feel more nervous than usual. If consuming a caffeinated drink then you will have even more reason to go to the toilet before the talk. This is not a joke!

Having a copy of your presentation notes on a USB device (preferrably in multiple formats) is handy. It's also convenient to have the device formatted with the VFAT filesystem. One time I had a lot of hassle from a Linux conference (that I won't identify) due to the fact that the organizers only used Linux for servers. They wanted to print my lecture notes for all members of the audience and were unable to get a Windows machine to read my ext3 formatted USB device and then had problems with the OpenOffice file.

All my advice in this post is based on personal experience. Don't feel afraid about public speaking because of these things. Everyone makes mistakes when starting out and even experienced speakers have talks go wrong on occasion. Also keep in mind that a talk which seems to have failed when you are on the podium might get great reviews from the audience. The aim of a technical lecture is to impart information about the technology, you can achieve that aim even if you make some mistakes in the presentation.

PS Please give talks for your local LUG. They need speakers and it's a good way of gaining speaking experience in a friendly environment. Remember, they heckle you because they like you. ;)

Wednesday, September 06, 2006

more on clean energy

One new technology for saving fuel in cars is the 6 stroke engine. This is an engine that has two power strokes for every intake of fuel. The first power stroke is from the fuel burning, the second is from water being injected into the cylinder and boiling rapidly using steam for power. A significant amount of the weight of a car or truck engine is the cooling system. With water being injected into the cylinder after every burn the engine will require no other cooling, this can mean a weight reduction of up to 500KG for a truck engine! It is claimed that this technique can "improve a typical engine’s fuel consumption by 40 percent". Note that this technique could be combined with the technology in a Prius for even greater efficiency.

Simon Richter wrote an interesting response to my blog about clean energy. I'm guessing that the part of Germany he's from is similar in some ways to Amsterdam (where I used to live).

In Amsterdam tiny cars are used a lot more than they have been in most places. There is the Smart Car but there is also a tiny car that can only seat one person (I'll update this entry with a link if someone provides me one). The tiny car appears to weigh ~200Kg, has a maximum speed of 30Km/h, and is narrow enough to fit in bike lanes. Such cars will take little petrol and can be used for shopping. The short-distance car idea is being used by many people already in northern Europe.

Simon suggests having a standard baggage container that fits in all cars. I don't think that would work as there are many different design factors (parking space, cargo capacity, and aerodynamics) which force designers to choose different shapes.

I think that a better idea would be a standard baggage trailer that could be towed by any small car. It should not be difficult to design a trailer that can be safely towed at 30KM/h behind a tiny car. The supermarkets could rent such trailers to shoppers for a nominal fee. Then most shopping trips could use the cargo capacity of the tiny car, but when buying supplies for a party you could rent a trailer from the supermarket.

Another option is having shops deliver goods to you. I have observed an increasing number of people doing this at my local supermarket. Of course you would still need to take ice-cream home yourself and maybe milk and meat too.

Electric scooters are also a good option for travel. Unfortunately in Australia there are few good options for securing them at the moment. As an electric scooter is light enough to be carried it needs to be chained to something secure. In the Netherlands this wouldn't be a problem as the bicycle infrastructure includes plenty of bike racks to which you can chain your bike, scooter, etc. Of course the Netherlands is entirely flat so there's no need for an electric scooter. Melbourne has a lot more hills and most people aren't fit enough to ride a bike so scooters are needed to replace cars.

Regarding depersonalised cars. That would require a significant social change as currently cars are extremely personalised. One thing that I had been thinking about is the idea of sharing cars with neighbors. For example if you have an apartment building and there are a few people you trust then you could share a tiny car for going shopping. Sharing a car used for driving to work or for entertainment would not work well as the car would spend most of it's time in use (or at least parked somewhere away from home). Sharing a car that's used for small journeys would be much easier as such a vehicle would spend most of it's time at home.

In Australia most families have two cars. One is used a lot (spends maybe 70 hours a week away from home) and the other is used much less (maybe 10 hours a week). Instead of owning two cars it would be possible for families to own one car and share another.

Regarding the Pebble Bed Reactor, could the people who advocate it please read the Wikipedia article. The limiting factor is not thermal expansion (solids do not expand nearly enough) but the Doppler effect (fast neutrons are not as effective at triggering fission). But in spite of that issue, let's not consider an untested new reactor design to be the savior of nuclear energy. I think that most people who read my blog have a science or engineering background and know from experience that new technologies often don't work too well in the first version. When a new CPU has a bug it's usually not a big deal. When a new OS or application has many bugs it's often expected (expecially when the OS or application comes from a monopolist). But if a new design for a nuclear reactor turns out to have a bug then it will be a more serious issue.

Tuesday, September 05, 2006

Rip It Off unless you use windows?

The music sales website has the advertising campaign ripit - don't rip it off. However the web site displays the below message when viewed on a Linux machine. The "step by step guide on how to enable Firefox" is really a guide on how to get IE code running in a tabbed window in Firefox (so you can get all the security problems that Firefox normally prevents).

Ripit has a big advertising campaign (TV and all the other places) with the slogan "ripit - don't rip it off", but it seems that this has the caveat that people who don't use Windows aren't wanted as customers. Are non-Windows users expected to "rip off" the music?

What are the options of buying music without dealing with the music cartel? I'm sick of all the things that they do, preventing free trade to articially inflate prices in some countries, ripping off the musicians, putting root-kits on CDs. Eventually the recording industry has to be destroyed. Most money from CD sales goes to the recording industry (not the musicians), the products provided to the customers are of low quality and customers are routinely treated like dirt, the recording industry does no good for society.

From now on I will not buy any CDs or DVDs of music from the recording industry cartel. I will only buy music from web sites that support standard Internet protocols. If a music company doesn't want to support Firefox then they don't want my money. For any music industry people who read this, don't get the idea that I'm unable to pay for music. I have a large collection of CDs (thousands of dollars worth) and was just starting to buy music DVDs when you finally offended me too much.

Thank You for visiting the Ripit Music Store

We have detected that the browser you are using is not compatible with the Music Store that you are attempting to access. This site has been designed to work with Internet Explorer Version 6 or above. Please launch the site in Microsoft Internet Explorer 6 or click here to download Microsoft Internet Explorer 6.
Also, music can only be downloaded via your Windows PC as this store is not compatible with Macintosh.
If you are using Mozilla Firefox, please click here to view the step by step guide on how to enable Firefox to surf the Soundbuzz Music Store

Monday, September 04, 2006


For a long time I've enjoyed reading books by David Brin. Not only does he have some good sci-fi ideas and a good writing style, but he's also a cool guy when you meet him at a signing. One of the core concepts in a number of his books is the idea of uplift, whereby advanced races use a combination of breeding programs and genetic manipulation to raise animals to a similar level to humans in terms of intelligence and ability to use tools.

I believe that it's a necessary step in the development of the human species to encounter other species as equals. It seems obvious that a person who was raised in isolation would not be able to reach their full potential (there are many examples of children being abandoned and living with animals, the results are not positive). It also seems obvious to me that a species that is raised in isolation without interacting with other equal species will also be unable to reach their full potential. I believe that the human race needs to meet with another species of an equal level as the next stage in the development of our civilization.

Given the lack of success of SETI programs it seems that uplifting a species such as dogs, monkeys, or dolphins is likely to give better results in this regard than trying to contact non-human intelligent creatures.

Dogs might be a good first choice for uplift because they are well domesticated, this means that you are permitted to own them in residential areas without a license and there are good veterinary services for them. A possible way of starting an uplift program would be for people around the world to buy dogs of some particular breeds and then measure them by some objective scales. There are intelligence tests for animals that could be applied to dogs, the ones that get the best scores would be permitted to breed. Also we would want to breed them for communication ability (the ability to talk) and dexterity (evolve their toes into fingers). The statistics of the dogs and their lineage (don't want in-bred dogs) could be stored in a database and the breeding program could be done in an open-source manner over the net.

Most domesticated dogs are in-bred to some degree so we would want to cross-breed them to some extent. Poodles are reasonably intelligent and live for a long time so may be good for a start to this program, also blue-heelers, terriers, and labradors are reasonably smart and could be included.

Sunday, September 03, 2006

RAID etc

On a closed mailing list someone wrote:
2 X 120gb ide drives installed as slaves on each ide channels. ... Presto. A 230'ish GB storage NAS for all my junk.

I'm not going to write a long technical response on a closed list so I'll blog about it instead.

Firstly I wonder whether by "junk" the poster means stuff that is not important and which won't be missed if it goes away.

If P is the probability of a drive not dying in a given time period (as a number between 1 being certain death and 0 an immortal drive) then the probability of serious data loss is P^2 for the configuration in question.

If P has a value of 0.5 over the period of 7 years (approximately what I'm seeing in production for IDE drives) then your probability of not losing data over that period is 0.25, IE there's a 75% chance that at least one of the drives will die and data will be lost.

If the data in question really isn't that important then this might be OK. About half the data on my file server consists of ISO images of Linux distributions and other things which aren't of particularly great value as I can download them again at any time. Of course it would be a major PITA if a client had a problem with an old distribution and I had to wait for a 3G download to finish before fixing it, this factor alone makes it worth my effort in using RAID and backups for such relatively unimportant data. 300G IDE and S-ATA disks aren't that expensive nowadays, if buying a pair of bigger disks saves you one data loss incident and your time has any value greater than $10 per hour then you are probably going to win by buying disks for RAID-1.

As another approach, LVM apparently has built-in functionality equivalent to RAID-1. One thing I have idly considered is using ATA over Ethernet with LVM or GFS to build some old P3 machines into a storage solution.

P3 machines use 38W of power each (with one disk, maybe as much as 70W with 4 disks but I haven't checked) and should have the potential to perform well if they each have 4 IDE disks installed. That way a large number of small disks could combine to give a decent capacity with data mirroring. Among other things having more spindles decreases seek times when under heavy load. If you do work that involves large numbers of seeks then this could deliver significant performance benefits. If I had more spare time I would do some research on this, it would probably make for a good paper at a Linux conference.

Debian SE Linux

Yesterday Erich Schubert blogged about reducing Debian SE Linux work due to lack of hardware. To solve such problems I've put a Debian/unstable machine on the net and given Erich the root password. Also now I am starting work on Debian SE Linux again too. There should be some significant developments in Debian SE Linux in the near future.

Also if anyone else has a problem of a lack of hardware getting in the way of free software development the first thing to do is to mention it on the IRC channel for the project in question. While Erich has demonstrated that blogging works, IRC is faster.

planet debian, spam, and SE Linux

In regard to my post yesterday about Planet Debian I received the following response:
James Purser said I'm betting that your feed is an atom feed. We had the same problem on PLOA with Jeff and Pias feeds when they switched to atom. Planet needs to be upgraded.
Well I am using an atom feed, so this probably explains it. Sorry for the inconvenience to the Planet Debian readers, I guess that things will stay the way they are until it is upgraded.

Also when viewing my blog entry in Planet Debian I realised that much of a spam message had got pasted in to the URL field for the Planet Debian link. Oh the irony that I only found this embarassing error because of a bug in the Planet software.

This brings me to another issue, Security Enhanced X. With SE-X (before you ask, I didn't invent the acronym) you can use SE Linux to control communication between windows on an X desktop. With a modification to the clipboard manager (klipper in the case of KDE) every piece of data that's copied from an application will have a security context assigned to it and this context will be checked against the context of an application that is to be the target of a paste operation. Klipper will also have to support relabeling clipboard data. Therefore if I want to cut text from my email client (Kmail) and paste it into Firefox then I would have to relabel it with the appropriate MCS categories. This would permit me to paste text from an email into a web form with a few extra mouse clicks, but would prevent me from accidentally pasting the wrong text. Keeping in mind the fact that there are many more embarassing things that could be accidentally pasted into a blog entry than the contents of a spam this doesn't seem overly difficult.

PS Before anyone jumps to conclusions. When I receive GPG encrypted email or other material that should be kept confidential I try and avoid cutting it, and if I have to do so I clear the clipboard buffer afterwards. Keeping spam a secret is not really a priority to me so I didn't take adequate precautions in this case.

Saturday, September 02, 2006

planet debian

I am aware of the problems in displaying my blog in Planet Debian. I have filed a bug report with blogger and informed mako. There's nothing else I can do at the moment, if you use Planet Linux Australia then things work OK. I'm not sure whether Planet Debian or Blogger is at fault.

Sorry for the inconvenience, if you only use Planet Debian then you will have to read my blog directly.

root-kits on robots

This story on on the topic of rootkits is interesting (note the OSs involved). Also it made me wonder about the other possibilities for a root-kitted robot, the mind boggles at how it might determine whether you need an enlargement to some body part...

365tomorrows is a good site, they post a short sci-fi story every day and it's all free (paid for by merchandise and AdSense). When you read the storys make sure you check out the AdSense links, it's sometimes rather amusing when Google gets some unusual interpretations of sci-fi storys and supplies adverts to match, I don't think that AdSense was designed to work well with fiction.

clean energy

There are many people claiming that nuclear power will solve all the ills of the world. However this does not seem to be possible. Firstly you have to consider the hidden costs of nuclear power such as deaths from the mining industry (ingesting uranium ore is a really bad thing) and the difficulty in disposing of radioactive waste. But rather than concentrating on the bad aspects of nuclear power (which are well documented) I will concentrate on some of the viable alternatives.

Wind power is a really good option, particularly for countries such as Australia that have a low population density and a large land area. The Chinese government is investing heavily in wind power, I think it's safe to assume that it's not because they are great environmentalists but because they simply need more energy than they can get from other sources and that they have strategic reasons for not wanting to rely on Australian coal and uranium or Arabian oil. Most energy sources have some drawbacks, but wind power has no side effects and isn't going to kill birds either (birds have evolved the ability to detect and avoid predatory birds, they can easily avoid large fixed objects such as fans from wind farms).

Two other good options are wave and tidal power. These are better than river based hydro-electricity because there is no need to create dams that remove forests. Wave and tidal power are both very predictable which is an advantage when compared to wind power which is less predictable. One solution to the unpredictability of wind power is to couple it with a river based hydro-electric system which can provide electricity when there is less wind. A hydro-electric system to compensate for days that are less windy would need a much smaller dam than one that is designed to provide the main power source.

The next issue is how to power vehicles (on air, land, and sea). Advocates of nuclear power often talk about hydrogen powered cars. However while hydrogen has a good ratio of energy to weight it is not very dense, so the energy density for volume is much less than petrol. Combining Prius technology with
hydrogen in an internal combustion engine still won't give the distance per tank of fuel as petrol does. Hydrogen with fuel cells in an all electric vehicle might allow you to drive the same distance as a non-hybrid car on petrol, but probably won't compare to the range of a hybrid Diesel vehicle.

Bio-Diesel is a good option for fuelling cars. Diesel engines give greater efficiency than Otto cycle (the most common car engine) or Atkinson cycle (as used in the Prius) engines. Not only is bio-Diesel renewable but it also produces exhaust that is less toxic than that which is produced from fossil fuels. See the VeggieVan site for more details on bio-Diesel. The toxic fossil fuels are linked to health problems in airline hostesses, AFAIK there has been no research on the impact of car exhaust on pedestrians.

One thing to note about bie-Diesel is that you can do it right now. According to a British TV documentary all you have to do is filter oil that was used for frying food (they used oil from a Mexican restaurant) and mix it with a small amount of ethanol and it's ready to use in your car. As restaurants currently have to pay to dispose of old frying oil this should be good for everyone!

Bio-Diesel could work for powering planes, there is already research in progress on this issue, but there are problems related to the viscosity of bio-Diesel at low temperatures. Maybe a blend of bio-Diesel and bio-Ethanol would work. Ethanol freezes at -114.3C and should lower the freeze temperature of bio-Diesel.

Bio-Diesel would of course work really well for ships. Supplying the amount of fuel that current ships need would be difficult. Some analysis shows that the deck area of a ship can collect enough sunlight to supply ~10% of the power needs of the ship. The Orcelle is a design for a totally clean ship that runs on solar, wind, and wave power. However with the proposed design the solar panels will not be angled effectively for collecting sunlight as they will be on sails. I think that there is a lot of potential in having a design based around sails, wave and solar power for generating electricity, and also a Diesel engine running on bio-Diesel fuel for supplying extra power when required (EG when sailing at night in calm weather). Building a ship that uses only wind, solar, and wave power would probably be significantly more expensive than the current Diesel design. Building a ship that uses 10% Diesel and 90% wind, solar, and wave power might be a lot cheaper.

There are lots of ways of producing the energy we need to maintain our current standard of living. If our government was to spend as much money researching them as it does protecting petroleum reserves then the problem would be solved.