Tuesday, October 31, 2006

religious requirements for free software development

Relgions commonly require contributions to charitable causes and helping other people. Developing free software without expecting a reward seems to fit that criteria.

If my primary religious belief (atheism) turns out to be incorrect then I am certain that whatever deity might exist would want me to do Free Software development.

It seems to me that denying people the ability to contribute to Free Software development or forcing them to use proprietary software is therefore an infringement of their rights to freely practice their religion.

Prisoners should be permitted to do Free Software development. Kevin Mitnik was prevented from using computers while incarcerated and after being released (which is wrong in so many ways). It has been recently announced that pagan prisoners in the UK are being given time off prison duties for haloween. I think that allowing free software development for people who believe that it is a religious requirement deserves at least the same protection.

Also government agencies should not require the use of MS file formats or IE for communication.

PS Day 24 of the beard is depicted above.

Monday, October 30, 2006

Xen and serial ports

Currently there is a serious problem with Xen. Fedora Core 5 with kernel 2.6.18-1.2200.fc5xen and Debian/unstable with kernel 2.6.18-1-xen-686 will not recognise both PC serial ports, and it appears that the one port that is recognised is only usable for a console not for a modem.

The Fedora bugzilla #204825 covers this and I have just filed Debian bug #396169.

The PC serial port is a fairly significant piece of hardware that is used for many things. The total lack of support for it in Xen builds is a significant impediment to Xen use. I believe that one of the potential benefits of Xen is to have applications that are exposed to attack run in a domU so that if a compromise is suspected then the memory can be dumped. Implementing this requires running Xen almost everywhere, which will not be possible if essential hardware is not supported.

I have also discovered a couple of other bugs in Xen in FC5 which I am in the process of verifying and reporting. One is that on a P3 system the plain-text console displays as black on black and the other is that Xorg on a PentiumD system will go into an infinite loop when OpenOffice is started.

Saturday, October 28, 2006

god on my side

Today I saw the movie God On My Side by Andrew Denton. It's an interesting movie about the televangelist industry in the US. I expected it to be about the shonky frauds who harm people, there was one scene in the start of a televangelist claiming to cure diabeties (a very dangerous claim that often results in serious injury to the victims of such frauds), but mostly it was about serious evangelists and not about the frauds.

What was scary was the level of advocacy of Armageddon. These people seemed very determined to have a great war between the US and Russia (haven't they realised that the USSR doesn't exist any more?). They advocated taking all possible measures to defend Israel (not ruling out the use of nuclear weapons) and didn't want any compromise with Palestine (no land for peace - after all peace gets in the way of Armageddon).

One insightful comment by an evangelist pointed out that many Christians have gone wrong in their advocacy in being based on what they are against rather than what they are for. It's a sad trend that most Christians are not able to express any positive things that they are for and only focus on things that they oppose. On most occasions when they say they are for something it is really a disguise for being against something else, EG supporting Family Values means oppressing homosexuals, preventing freedom of speech (bad language), and banning abortions (even for rape victims).

I am looking forward to the DVD release of this. I'm sure that the out-takes and some further footage post release will be interesting.

Above is the day 21 beard picture.

Thursday, October 26, 2006

planets and day 19 of the beard

I notice that Planet Linux Australia has been changed to not list the feeds URLs, instead it displays the HTML pages for the blogs.

I believe this is a bad idea as some people want to get a list of feeds for the blogs that are aggregated without having to visit all the blog sites and do it manually. One of the many reasons for doing this is for a blog server that has intermittent net access, it might be down at the moment which prevents me from adding it to my feed list. Another reason is that some people (such as me) want to automatically get a list of all feeds from the planet to add to their own personal planet configuration.

I am blogging this not to criticise the administrators of Planet Linux Australia or even to inform them (I have already send them an email). My point is to prevent other people from doing the same thing. At this time I am not sure whether this change in Planet Linux Australia was deliberate, a result of a bug in Planet, or a mistake in configuration (maybe a default changed unexpectedly).

Another planet related surprise that I received today was to notice that my blog appears to have been removed from Planet Fedora. I'm not sure why this happened, one possibility is that removing my blog was regarded as the solution to the problem of it displaying incorrectly (the better solution being to upgrade the Planet software as was done on Planet Debian). Another possibility is that my post about Gratis vs Libre was regarded as criteria for removal. If my blog was removed from Planet Debian or Planet Linux Australia then I would be able to ask the administrators about this (they have email address links conveniently located). Planet Fedora has no such link, so I guess I'll have to wait for a blog comment to find out.

I've included a day 19 beard picture, I was planning to do one yesterday but a design meeting for a VOIP project ran late and I ran out of time. I'll write a post about VOIP in the near future.

Wednesday, October 25, 2006

peak oil

This PDF (700K) gives a useful summary of the Peak Oil issues. It's on the Defence in the National Interest (DNI) web site, an interesting site of US conservative political information. Note that this is Conservative, not Neo-Con.

Tuesday, October 24, 2006

blogging and self-promotion

Are blogs and conference speeches inherently about self promotion? If so is that a bad thing?

Recently I mentioned my Planet configuration on a mailing list where most people don't track new technology. Some people viewed blog entries for the first time as a result of this and then claimed that blogs appeared to be mostly about self-promotion.

It seems to me that people offer conference speeches to promote technology that they believe in (which often equates to self-promotion as such people are well known to be associated with the technology in question), for promoting themself or their own business, or to promote the company that employes them. Of these categories of talk the worst ones are those which are given to promote a company, it's especially bad when a talk starts with "the guy who was supposed to give this talk was called to a client so I'm doing it instead" - this indicates how much the company cares for the quality of the talk. Someone who is promoting themself will care about doing a reasonable job. Someone who promotes their favourite technology will usually give a great talk! But corporations rarely get the idea that a good quality talk which makes little mention of their products is the most effective advertisement. Of recent times Google seems to be the best example of a company which gets this idea, at many conferences there are Google employees giving talks about various technologies not directly related to Google operations without any direct sales pitch. Everyone who attends such talks gets the message - Google has hired many smart people and has them working on cool things.

It seems that blogs are often written with similar motivations to conference presentations but with no control over the topic and less quality control. The difference of course is that a blog doesn't get a forum the way a talk which is accepted by a conference will. So a corporate blog has to be really good to get readers.

PS I've added the day15 beard picture to this entry, it was taken on the 22nd of October, but I had only just got around to GIMPing it and uploading it.

economics of nuclear power

It's interesting to note in this press release from the Australian Greens that Dr Ziggy Switkowski (head of the Prime Minister's nuclear taskforce) that nuclear power is not economically viable in Australia without a carbon tax. As the government has refused to consider such a carbon tax this seems to rule out nuclear power for Australia. I expect that other countries have similar economics.

I imagine that nuclear power would be viable for a country that lacks adequate wind for wind power, is not very sunny so solar power doesn't work, has few rivers so hydro-electric power can't be used, and which has no option of geo-thermal power. Is there such a country?

Friday, October 20, 2006

new hybrid Camry

Toyota in the US has released a hybrid Camry which seems to be the larger Prius that many people have wanted. Since it's release the Prius has been greatly desired by people who like technology and the environment. The only down-side to the Prius is that it is a small car and doesn't have as much room for baggage or passengers as you might desire.

The new Camry Hybrid has the Continuously Variable Transmission (CVT) that gives the Prius it's smooth ride, the keyless start (optional), DVD navigation via a large screen, six airbags, and tire pressure monitoring.

The above review states that the test car shuddered when the engine started and made odd mechanical noises. It's not indicated in the article but I suspect that the car may have been an early production test model rather than the type of car you will get if you actually buy one. The Prius I drove did not shudder or make any odd noises (in fact hardly any noise that I could hear). Maybe if I drove a Prius in a country area I would hear some noises, but in the city (which the Prius is designed for) the Prius didn't make any
engine sounds I could here. I expect that the hybrid Camry will perform as well as the Prius in this regard.

The review describes the hybrid Camry as giving 35mpg with a driving pattern that was not the most fuel efficient, that is roughly 6.7 liters per 100Km which is more than the quoted rate for some small cars. The four-door Smart cars are advertised as using 5.8L/100Km and Diesel allows even better efficiency. But if you want the space of a Camry then 7.1L/100Km is fairly good, especially considering that you could reduce that by driving more slowly. Also we have to consider that the primary aim of the Prius design (and presumably the design of the hybrid Camry) is to protect the environment by reducing the poisonous emissions, this may reduce the fuel efficiency slightly (the aim of reducing emissions is not always compatable with the aim of reducing fuel use).

There are apparently 3.785 liters to a US gallon. A US mile has 1760 yards and a yard is apparently 0.9144m, so a US mile would be 1760*0.9144 = 1609 meters or 1.609Km.


To convert MPG (the US measurement of fuel use when based on a US mile and a US gallon) to L/100KM (the Australian way of measuring fuel use) you use the above formula (where X is the MPG rating). I included this information here because I couldn't find it anywhere else.

I was going to post this before but was side-tracked by the flash issue.

Also I've included a beard picture for day 12 (yesterday).

Wednesday, October 18, 2006

blogs and bug tracking

I believe that adding blogging technology to bug tracking systems (such as the Debian BTS and the Red Hat Bugzilla) offers significant benefits for users and developers.

It seems that there is only one significant difference between the features offered by blog software and the features required by bug trackers, blog entries are owned by the person making the post (the owner of the blog) and BTS entries are owned by the package owner. This is a minor technical difference, adding the ability for anonymous users (or users who have authenticated via an email address or other method) to create new entries in a blog owned by someone else is a minor feature change. Once the entry is created only comments would be accepted, and comments could be made in the usual manner with moderation etc.

The benefits of using blogging software (or extending current BTS systems) would be to have RSS feeds of bug reports and comments on bugs, include a single feed of all bug reports (IE blog entries) and updates (IE comments on blog entries) for a single blog (IE package) - this functionality doesn't seem to be common in blog software but surely will be soon.

This would allow Planets of recent bug reports in distributions or in areas. EG a SE Linux planet installation could syndicate the bug feeds for packages in Fedora and Debian as well as other sources of SE Linux information. The SE Linux bug feeds could include all bugs with the selinux tag in all blogs on the BTS, thus a single Planet configuration could easily cover all new development and debugging.

Another configuration possibility would be to have a single blog for all bugs in a distribution and to have tags for each package, this would become messy though as tags have to be used for issues that are not specific to packages (EG a "selinux" tag would list bugs in all packages that relate to SE Linux).

Tags could be changed by any user (possibly with some restrictions), and there could be special tags for release-critical bugs or for bugs in different stages of QA (for example the Red Hat Enterprise Linux approval process could be managed by adding certain restricted tags to the bug - this would also allow getting a feed of all bugs that have passed certain approval milestones). This would make it easy to get a list of all bugs in a certain approval category.

Current BTS systems such as the Debian BTS and the Red Hat Bugzilla could be extended to syndicate content. As they already have web interfaces and support automatically sending updates by email it should be easy to add the basic level of such support to them. But it might give a better result to go the other way and modify a multi-user blog system such as Wordpress-MU to have extra features for bug management.

BTS systems typically have bug ID numbers that increase sequentially while blog software typically gives something like http://blog.example.com/YYYY/MM/blog-entry-name.html when it's often more convenient to have something like http://bug.example.com/number. Of course it would not be difficult to have a little database that allows creating sequential numbers to map to arbitrary URLs in a similar manner to tinyurl.com. This could be either integrated into blog software (so that it says "bug #1234 has been created" or be available on demand (click a link to get a sequential number assigned). Incidentally using characters and digits for the short name of the bug (as done by tinyurl.com) would allow four characters to represent 1679616 bugs, this is enough for all bugs in the Debian and Red Hat bug databases combined. With tinyurl type technology there is nothing preventing us from having a single system creating unique IDs for all bugs in all distributions of Linux with a four character index (which is easier to remember than the 6 sigit numbers used in Debian and Red Hat at the moment).

I realise that most blog software will store the entries in a database which has sequential numbers assigned. So doing a database lookup to convert a human-readable URL into a sequential index when we have just done another database lookup to convert a sequential index into a human readable form is inefficient, but that's the way of things, computers do things inefficiently so that humans can work in ways that are efficient for them.

Note that throughout this post I refer to the Planet aggregation system, but really any of the aggregation systems can be used. One of the benefits of this is that people can use mailing lists, Google's reader, Planet, or any other reader they wish with the feeds. RSS feeds can be read by many programs and the user gets to choose which works best for them.

Tuesday, October 17, 2006

more about MX records

In response to my previous post someone pointed out that MX records have an obvious benefit of offering multiple servers at different priority levels.

I don't believe that this is a benefit for many machines on the modern Internet. Most systems that have secondary MX records implement them poorly, they have less SPAM checks on the secondary MX server, and it often doesn't even have a canonical user-list! This is a really serious problem, spammers apparently often target the secondary MX server (I don't have evidence for this but many people assert it to be true and it would obviously work so is likely to be true) and it's well known that spammers often guess account names (a quick scan of the logs of any mail server will prove this). These factors combine to make a secondary MX server without a canonical list of user-names a serious spam problem, it will receive mail and then bounce it to innocent third parties (the vast majority of spam has a forged sender nowadays).

If you have the ability to run a well configured secondary MX server with a canonical list of valid account names (which must be maintained independently of the master mail server for obvious reasons) then there is the issue of why you would want to do so. What problem does it solve? In the early days of the Internet mail storage machines were often end-nodes on the network, many hops away from the central well-connected machines. This meant that sometimes connections would time-out or the hop count (which was smaller then than it is now) would be exceeded. Having a well connected server being a secondary MX server was a significant advantage for a small mail server in those times (by todays servers almost all the mail servers of 1993 are small and the biggest servers of 1993 were medium sized by today's standards).

I just did a quick search for machines with secondary MX records (IE multiple MX records at different priorities). The only significant mail service with such configuration that I could find was gmail. Hotmail.com, ibm.com, microsoft.com, aol.com, and zonnet.nl all have multiple MX records at the same priority - this is a cluster of primary mail servers not a primary/secondary configuration. The evidence suggests that mail servers such as hotmail.com do not benefit from a secondary MX record, so I doubt that any other domain needs it either.

In response to a comment on my previous post, I have previously mentioned in mailing lists the issue of spammers attacking secondary MX servers, but I couldn't see it when reviewing my blog archives.

Above is day 10 of the beard.

Monday, October 16, 2006

MX vs A record

One issue that has been the topic of some pointless discussion is whether a mail server should have an A record or an MX record. Mail can be delivered to a domain that has no MX record but simply an A record pointing to an IP address. But the most common practice is to have an MX record pointing to the name of the machine that serves the mail. A common use for this is to have a bulk mail hosting machine with multiple MX records pointing at it, which then allows you to have matching forward and reverse DNS entries for the machine name.

If you have no MX record for a domain then Postfix will do the following DNS requests:

IP postfix.34245 > DNS.domain:  3448+ MX? example.com. (32)
IP postfix.34261 > DNS.domain: 50123+ A? example.com. (32)

If you have an MX record then it does the following:
IP postfix.34675 > DNS.domain:  29942+ MX? example.com. (32)
IP postfix.34675 > DNS.domain: 33294+ A? mail.example.com. (37)

Now if there are multiple domains on a bulk mail hosting system then the A record might already be in a local cache on the sending machine, so having bulk mail hosting with MX records may reduce the number of DNS lookups, with the minumum number of lookups being half plus one.

If there is no bulk mail hosting then an MX record would still offer some slight benefits if the positive responses are cached for longer than negative responses. This would mean less lookups which gives faster and more reliable delivery of mail plus being more friendly to the net. I don't know what the cache behaviour is in this regard so I'm not sure if this would actually give a benefit (I'm sure someone will comment with the answer).

Now regardless of these issues I think that using an MX record is the better option. It's what most software expects and saves you from the excitement of discovering corner case bugs in various software that's out there on the net.

Sunday, October 15, 2006

day 8 of the beard

The beard is still growing steadily, and I'm still waiting for the beardly powers that some of the bearded delegates at LCA 2006 assured me that I would develop.

electric cars

Here's an interesting post on the Green's site about the Indian Reva electric car and the attempts to get a permit to drive it on Australian roads.

From the Reva site it seems that the Standard model is a 750Kg two-door hatch-back car to seat four people that bears a resemblance to the most widely known Smart Car. The top speed (of something like 50 or 65Km/h) is also reminiscent of the smaller Smart cars. The Reva site indicates that the Indian government is offering a subsidy to people who purchase such vehicles to try and solve pollution problems.

In Australia we have a standard of living that is a lot higher than most people in India experience. But it doesn't have to continue like that. If the poor leadership shown by the Australian government continues and the Indian government continues doing sensible things then our positions could be reversed.

If there is a Reva in Victoria then I'd like to try driving it, even if only on private property.

Saturday, October 14, 2006

more about Fedora

In a comment on a previous blog entry I was described as an active Fedora advocate, I don't think that is an accurate description. I advocate it to appropriate people, which is mostly non-programmers - but as I mentioned that means a larger proportion of the population than to whom I can advocate Debian. It's not that I'm trying to advocate Fedora, just that it fills a need for many people. I believe that the term Fedora advocate means someone has an objective of increasing the use and to use Fedora, I don't have such an objective. I am a Linux advocate, a Free Software advocate, and sometimes a Unix advocate (Unix meaning the entire family of Unix-like operating systems). Merely promoting something does not make you an advocate for it. I don't think of myself as a Debian advocate at this time, but as I am a Debian developer this may change.

It seems that the people who run the Fedora Planet think that my blog has suitable Fedora content, it's been added to that planet. Also the Fedora Planet appears to be running an older version of the Planet software as it has the same problem with my blog that Debian Planet had before the upgrade.

Now on the issue of gratis vs libre: As I am not a Red Hat employee I can't maintain a kernel-xen-nopae package and give it the same status as the kernel-xen package. Even when I was a Red Hat employee I couldn't have done that - it would require some amount of management approval. I believe that this fundamentally makes Fedora less of a libre distribution. There is no room in Fedora for someone who is an upstream developer and who just wants to maintain their own package. There is Fedora-Extras, but that has a second-class status. Only Red Hat employees can maintain packages in Fedora Core. This makes Fedora fundamentally less libre than Debian. I am not trying to suggest that Red Hat change things in this regard, I believe that Fedora is meeting all it's goals and that making Fedora as libre as Debian is not possible given the goals of making a profit on selling support of RHEL.

Chris made a good point. I also believe that MP3 codecs should not be in Debian/main. But I believe that people making mistakes about some issues is not a factor in judging the entire project. I believe that Debian is more libre although some bad decisions were made - largely due to lack of overall management. Fedora has hierarchical management, so when the legal team declares that some software can not be distributed then it gets removed without debate. I guess I could propose a GR to exclude MP3 codecs from main.

Also it should be noted that RHEL Extras has some of this software that is not in Fedora (RealPlayer for example). The Red Hat legal advice was that MP3 codecs need a license, so they ship a licensed version in their commercial distribution. This is the right thing to do for their customers (it's handy to have and I'm sure that they get a good deal by paying license fees for all their customers) and removing such things from Fedora is the right way to offer a gratis product without unreasonable legal liability.

Naturally Fedora is much more libre than any secret-source OS. Every user has the option of downloading the Fedora source and recompiling it as they wish. I could compile Fedora with a Xen kernel that runs on my hardware and with SE Linux policy that is more restrictive than that which Fedora currently has. I could build custom Fedora install CDs to install things the way I want (which I considered doing when I worked for Red Hat). But the liberty to fork a project does not compare to the liberty to join it, and the liberty to create your own packages in extras does not compare to the liberty to add your own packages that do things differently to the default package.

There are of course positive and negative aspects to this. I started work on SE Linux in Debian in 2001. In 2003 I joined Red Hat to work on SE Linux, in Red Hat I was not the only person dedicated to SE Linux work and other people spent part of their time working on it. The SE Linux work in Red Hat soon eclipsed that of Debian because there was management support. There was no possibility for a package maintainer to refuse to fix a bug that affected SE Linux simply because they didn't care for it. The positive side of this is that the SE Linux work proceeded quickly and efficiently. The negative side of this is that things which don't have management support don't appear in Fedora Core. Exim is a fine MTA but is not in Fedora Core. Some people think that AppArmor is a better option than SE Linux, they are wrong - but in Debian any developer has the option to add AppArmor support and neither I nor any other DD can prevent them. The libre nature of Debian means that as long as basic technical criteria are met DDs can add any package that they wish to the distribution.

These issues however are all related to people who are actively involved in Free Software development. For a typical Free Software user it often doesn't make much difference, until of course your favourite program doesn't get management approval to appear in Fedora Core. But the counter argument is that the quality of some of the >10,000 packages in Debian is not so high. You can install a Fedora Core package and have a reasonable expectation about how well it works, but Debian packages are sometimes rather experimental.

I also don't believe that Debian is a very functional Democracy. Some of the problems of Direct Democracy are demonstrated in Debian. In many ways it is more anarchistic, anarchy gives you liberty for good and bad. Maybe we should consider a Representative Democracy model for Debian.

debate via wiki

Lars Wirzenius seems to be seconding my idea for using wikis to solve contentious issues.

My latest idea in this regard is to have several wiki pages, one for each opposing view and one for agreed facts. If an issue has multiple parties debating it then there could be multiple pages for the areas on which different sub-groups agree.

The plan is that each faction edits their own page along with email discussion with other factions and then the page of agreed facts is updated when agreement is reached on some points.

Wikipedia is the canonical use of Wikis for contentious issues at the moment. It is based on having a page for each topic and a discussion page for that page where the history is discussed. This works for Wikipedia because the aim is merely to generate web pages. If the generation of web pages is incidental to the purpose of resolving a dispute then it is a little more tricky. Entire areas of disputed content can be left out of Wikipedia pages without any real loss. But often in online debates the key points are the ones most hotly disputed.

I plan to set up a wiki and do some experiments to see how well this works.

Friday, October 13, 2006

yet another beard pic

I'll space them out a bit now, no more daily pictures.

Years ago Jon Wright (a well known bearded OS/2 programmer) told me that after you get past a week of growth it stops being annoying, I think I'm getting to that stage now.

The benefits of SE Linux

Today I discovered a bug in one of my programs, it called system() and didn't correctly escape shell eta-characters. Fortunately I had written custom SE Linux policy for it which did domain_auto_trans(foo_t, shell_exec_t, very_restricted_t) so there was no possibility of damage.

The log files (which were not writable by the daemon by both SE Linux access control and Unix permissions) indicated that no-one had attempted to exploit the bug.

Thursday, October 12, 2006

about leaving

I've read quite a few blog posts about someone leaving Debian and whether they should remain on Debian planet. An official policy on these matters has now been posted which stated what I expected, if you feel that you belong and meet technical criteria then you are welcome.

Not that this solves much, the next debate will be about what content is suitable for Debian-planet with the expected answer being "anything which meets technical criteria and doesn't offend many people or break any laws". I've already had some comments on my blog from people who want me to change topics. I don't know if other people get this or whether doing an average of one post per day gets me more attention from the loons.

I started blogging after leaving Red Hat. I considered asking for my blog to be added to the Fedora Planet, but wasn't sure whether I would be posting much about it. I just checked and it seems that my old Advogato blog is aggregared on the Fedora Planet and there is no mailto URL on that site to allow me to get it changed. I've just put a final blog entry on Advogato to inform everyone of the change.

I'm not sure if it's worth adding my blog to the Fedora syndication. I have just decided to change my main desktop machine from Rawhide to Debian/unstable. The reason is that Fedora is mostly a Gratis distribution and Debian is more Libre. For most computer users there is no real difference as they don't have the skills to use the liberty that Debian offers. But for people who can code (note that we are in a small minority of computer users) the difference is significant.

The final issue that forced me to this decision is this bugzilla entry about Xen. In Debian there are kernels for Xen on i686, Xen on AMD K7, and Xen on i686 with vserver (doesn't Xen make vserver redundant?). In Fedora there will be one Xen kernel which won't boot on the machine that is most important to me and which ironically is the machine that was issued to me by Red Hat (and sold to me when I left).

This issue of a lack of choice is quite understandable from the Red Hat Enterprise Linux side of things. It's OK to say to a customer who wants to pay for a RHEL-AS license that they need a machine less than 3 years old if they want to use all the features. Adding new kernels adds support costs and I think that most RHEL customers want to have a smaller set of supported options with a higher level of support. I often recommend RHEL to clients and I will recommend that clients use Xen on RHEL-5 - and that they purchase recent hardware to do so.

But for home and hobby use it's a different matter. I provide all the support I need, I can compile my own kernels without much effort - but it saves time to have someone else do it. Fedora simply lacks choice here by design. I still support a bunch of Fedora and RHEL machines and will still develop RPMs for them. I will put everything I develop under http://www.coker.com.au/rpms/ for anyone who wants it.

Given that if the Fedora Planet people want to syndicate my blog I am more than happy to have them do so. I don't dislike Fedora, in fact I still recommend that people use it. It's just that Debian suits my personal needs better than Fedora does. I expect that I'll have more Debian content than Fedora content on my blog, but there will also be a lot of Linux content that's not distribution specific.

It will be interesting to see what the Fedora Planet people do.

Wednesday, October 11, 2006

day 4 of the beard and the Crypto museum

The day 2 picture had an NSA coffee mug in the background. I purchased it from the gift shop of the National Cryptologic museum at Ft Meade, Maryland. I highly recommend that museum, it has free entrance, hardly any visitors (I've never seen more than 5 people in there) lots of interesting displays, and some really intelligent and well-informed tour-guides. If you are interested in technology then you should visit the Cryptologic museum and the Smithsonian every time you visit Washington DC.

Last time I visited the Crypto museum they had a new display about fingerprint scanning. It displayed what the machine read and indicated whether the fingerprint was regarded as a match or not. I learned that I could get a false negative by changing the angle of my finger by about 20 degrees, but apart from that it seemed more accurate than I had expected.

Here is a picture of me touching an Enigma at the Crypto museum! There is also a picture of me sitting on a Cray with some Japanese friends, but I haven't got a copy of that one.

In regard to Shintaro's comment about thinking I had a beard after reading backup.te, I was a little surprised, I would have thought that mta.te (which is fairly complex) or chroot.te (one of the most complex and least used policy modules I ever wrote) would have inspired such a comment. backup.te seemed rather mundane by comparison.

Tuesday, October 10, 2006

day 3 of beard, and the gimp

Right now I'm just starting to break new personal records for hairyness.

I've been surprised that the GIMP isn't as difficult to use as I had previously thought. I particularly like the preview feature for saving JPEGs. I can use a slider to set the quality of the image and see a preview of viewing the file before saving. In the past with less capable software I used to go through a laborious process of saving a JPEG, viewing it in a separate program, and then repeating until I achieved an acceptable balance of file size and quality. Now I can adjust the slider and see what the result would be in terms of both quality and file size.

Recently I was doing sys-admin work for a company where Windows was the desktop standard. Often we had to send around screen-shots of various problems and the way of doing this was to use CTRL-PrtSc to copy an image of the window in question and then paste it into a MS-Word document because the Windows image had no other program that was capable of dealing with image data. One significant problem with MS-Word is that it doesn't allow expanding the image or modifying it, so you see it at about half the original resolution. It seems that what I should have been doing is pasting the image data into the GIMP and then saving it as a PNG file (PNG is loss-less compression which avoids the ripples you get from JPEG compression of text and it's also very efficient at compressing the regular data that is typical in a screen-capture). PNG files would take much less space than MS-Word documents and allow efficient viewing by many programs (including web browsers which are on all machines).

Monday, October 09, 2006

Another beard pic

I've attached another pic, titled this one day2, which I guess means that day0 (not photographed) was one day without shaving and day-1 (also not photographed) was the last time I shaved.

So far I'm still in the range of "too busy/lazy to shave".

Blogger beta is living up to it's name and the functionality I had yesterday for uploading an image and having a small version generated is not working now.

review of Australian car web sites

It seems that Toyota isn't alone in having non-functional web sites. In fact it's better than some, the basic information on the cars is available and it is possible to get contact information for car dealers, also they have a feed-back form on their web site (to which I submitted my previous blog post). Incidentally the Lexus site had much the same problem as the Toyota site (hardly surprising as Lexus is the luxury marque from Toyota). But I expect that if I phoned Lexus to ask about their vehicles I would get a better call-center experience which would make me less inclined to blog about them.

Daihatsu vehicles are sold by Toyota. Their web site doesn't use Flash, but it has so little content that it doesn't count.

I decided to quickly review the web sites of car manufacturers that sell in Australia for a fair comparison. I found three sites worse than Toyota, two sites that were equal (counting Lexus), and six that were better than it.

Holden has the worst site, they don't display any information if you don't have flash, they don't even display a phone number! I wonder how much Adobe pays web programmers to pull this sort of stunt. I can't imagine Holden management saying "if a customer comes to our web site and doesn't have Flash then don't display our phone number or any other contact information, they can use Flash or buy a Ford instead". Obviously some web monkey has run amok and done their own thing without following directions. Probably some people need to be sacked in the Holden web development group.

Volvo Cars has a very bad site. Most of the content is involved with Flash in some way and refuses to load. There is a mailto reference that is broken, and the overview page for the S60 seems to have a JavaScript loop (I aborted the load after it loaded 245 pictures and was still going). The Volvo page for their other business is quite functional although minimal.

Hyundai has a bad site. The front page works OK, but some of the sub-sites to display information on vehicles redirect to sites such as evolveddriving.com.au which are "optimised for 1024x768" and require Flash and Quicktime while others do strange things like changing the size of the browser window. Overall it's a very bad site, but at least I could find the contact details for my nearest dealer, and it has a feedback form.

Subaru has an OK site. The only thing I couldn't access without Flash is information on their AWD (All Wheel Drive) technology. Unfortunately they provide no email address and no form for sending feedback.

The main Ford web page claims that Flash is required, but their site just works without it. In a quick test I was unable to find any functionality on the Ford site that is missing because of not having Flash. Ford have a well designed site.

The Volkswagen site makes no mention of the fact that I don't use Flash, it does however have some strange unused spaces in the middle of the screen. I guess that it recognised that I don't have Flash and made a semi-successful attempt to work around it. I could get all information I wanted including dealer contact details.

The main Mazda web page displays a message about Flash not being installed and offers a link to a non-Flash version of the site. The Flash section is at the center and the buttons at the sides work if you don't have Flash. This seems to be a well implemented site.

Citroen has an OK site, no flash that I noticed (although there were large blank areas on the screen at times indicating that something was missing), the information was all available and browsing was reasonably easy. One thing that annoyed me was that there were movies available but only through some sort of JavaScript that tried to play them in my browser. I have never bothered setting up my web browsing machine for playing movies (among other things it has no speakers) so this is a problem for me.

Peugeot has a good site. No apparent flash and it's reasonably easy to use. It has more pictures than Kia but the JavaScript navigation stuff is fancy. One nice feature is a single page with pricing summaries for all models. If you have $X to spend on a Peugeot you will easily discover which ones you can afford.

Kia has the best site I saw! Not only is there no flash, but it's well designed, easy to navigate and it loads quite quickly. Please review the Kia site as an example of how to do it properly!

Let me know if I've missed any makes and I'll post an update.

open letter to Toyota

When I visit the toyota.com.au web site it does not display any information on the new Camry, instead it displays a message saying "Unfortunately you do not have flash 8".

A well designed web site will display information for all users, including those who don't have flash installed.

The Toyota web site should be aimed at selling Toyota products, however it seems most effective at selling Macromedia products. Anyone who visits the Toyota site is forced to install a product from Macromedia (the Flash viewer) but is not forced to purchase anything from Toyota.

Are your web designers representing Toyota's best interests or the best interests of Macromedia?


If you visit the above URL you will see information on some of the security problems related to flash. Anyone who has security problems on their computer after being compelled to install Flash by the Toyota web site would have reason to blame Toyota for any damage or loss caused by such security problems.

Flash is often prohibited by corporate security requirements (the instructions on the Toyota web site could get a potential customer sacked - and therefore unable to purchase a car). It is not usable by many visually impaired people (while people with extreme vision problems are not able to drive a Toyota cars they should be able to read information about them). It is also disliked by people who want their computer to run all free software, which includes a large number of people who like the Prius.

Sunday, October 08, 2006

started growing a beard

At LCA in January this year there was an auction at the end (an LCA tradition), and most people were feeling very relaxed and happy after plenty of good food and drink and bid with reckless abandon (another LCA tradition).

To help things along a few of us volunteered to do various things if various amounts of money were reached. The full list is here.

Anyway my contribution is to grow a beard for the next LCA. Recently I had been thinking that it was about time to start, and this morning I discovered that I had misplaced my shaver, so I start today. I had wanted to get a clean-shaven picture for the first blog entry, but things didn't work out for that. The above picture is two days of growth (members of my local LUG are probably used to seeing me look like this).

I will strart by blogging a picture every day, and then start to space them out as it grows. The apparent results of beard growth should exponentially decrease over time so the rate of pictures would best be based on the log of the time.

Saturday, October 07, 2006

working all night

Last night I worked until 5AM on a magazine article. Upon review the later stages of my work weren't of my usual quality level, and today I did nothing significant because I was too tired (fortunately it's a Saturday).

I'm now going to cease all really late-night work except when supporting 24*7 production systems for clients. When I feel that my productivity starts to slip due to being over-tired I'll cease work unless I am being paid to get an outage fixed quickly. The real problem in productivity seems to be throughput not response time. So if I occasionally miss a deadline but overall get more work done it should be a net positive thing.

Thursday, October 05, 2006

Virgin - no free water and renewable energy

When returning from Ruxcon I took a Virgin Blue flight.

The Virgin web site has a FAQ with the following advice regarding DVT:
Drink plenty of water and other fluids during and after the flight, limiting alcohol, tea and coffee.

However Virgin provide no free water on the flight and charge $2 for 350ml of water! This is a strong incentive to buy caffeinated drinks and/or alcohol, after all if you are going to pay then you want something better than water!

They should provide free tap water as a basic health measure.

On the positive side there was an interesting article in the Virgin Blue magazine about alternative sources of fuel. It covered bio-Diesel (renewable and produces less toxic smoke), and producing Diesel from waste plastic (saves space in land-fill as well as providing fuel). It wasn't as technically detailled as I would like and it didn't mention some of the methods being developed for producing Diesel fuel from algae or the work on using bio-fuel for jet aircraft (which would be appropriate for an airline magazine).

But it's a good start, hopefully some travellers will learn that there are environmental problems and ways that we can fix them.

Wednesday, October 04, 2006

dunc-tank and motivation

The dunc-tank project was established to raise money to compensate some Debian developers who are essential to producing a timely release of Debian. There has been a lot of acrimoneous debate about whether this is a good or bad thing. The positive side of it is that the release managers will get to spend more time working on Debian, the negative side is that some volunteers will lose motivation.

However I have felt more motivated to do my unpaid Debian work. During the time that I was employed by Red Hat I was fairly slack about my Debian development work (incidentally Red Hat management were happy for me to continue Debian work so there was no pressure from Red Hat in this regard). Since leaving Red Hat I have been busy doing paid work.

Recently I have started getting involved in Debian work again. I am about to upload a new version of Postal for the first time in three years, I have set up a Xen server for Debian SE Linux development, and I am about to start serious Debian SE Linux development work again.

One factor in this has been my impression that other DDs are taking the release seriously. In the past schedules for release have slipped repeatedly without end. Now there is a schedule and this gives me more motivation to get bugs fixed!

Lack of privacy in Amcal

Recently I visited my local Amcal pharmacy. When I was waiting to pay I noticed a large pile of cards on the country, they were customer loyalty cards with the names of customers printed on them. Also on the top of the pile was a Medicare card. The cards were placed face-down presumably to avoid customers seeing them, but as they were on the counter where customers waited to pay there was nothing to prevent a customer from turning them over or even stealing them.

I brought this to the attention of an Amcal employee who agreed that the medicare card should not have been there (such carelessness is probably illegal) but who thought that a huge pile of customer loyalty cards (which among other things is connected to a database entry with the customer's phone number and postal address) is something that should be left within reach of customers. When I left the store another customer was being served within convenient reach of the card pile (which may have contained more Medicare cards).

If you have a cold then it's OK to go to Amcal to buy your medicine. If you have the clap then you might want to go somewhere else as they don't seem to care much about privacy.

Monday, October 02, 2006

Ruxcon and SLUG

This weekend I was in Sydney for Ruxcon. Ruxcon is a computer security conference with a focus on penetration testing and related skills.

The presentation on Unusual Bugs by Ilya van Sprudel was particularly interesting. He spoke about a number of issues that could do with some improvement in Linux, I will file some bug reports shortly.

There was a chilli eating contest. I was one of six people to enter. I survived the first two rounds and got onto the middle-strength chilli before giving up. There were 100 tickets to the Google party for the ~200 person conference and everyone who entered a contest got a ticket. My aim in the contest was to eat more chilli than I enjoy eating but less than the amount required to make me sick, with a secondary goal of tasting at least the second level of chilli. I achieved my goals and left the contest after tasting the second chilli.

One man appeared to be impressed by my chilli eating and was telling everyone that I am famous for eating chilli. It's good to be famous for something in the computer security community. :-#

At the end of the conference there was a panel discussion that I was invited to attend. I had to leave early to catch my flight, at the time I left everyone who was on the panel had each finished a few drinks and a couple of new guys had just joined. I think I missed the most exciting part of the panel discussion.

Thanks to whoever paid for the drinks for panel members. Things were a little hectic when we were given the drinks and I forgot to thank whoever paid for them.

In other news Sydney trains are slow and unreasonably expensive, $13 to get from the airport to the SLUG meeting at St. Leonards seems excessive. With all the problems with Sydney roads they really need to get a better public transport system!

While in Sydney I attended a SLUG meeting and gave a short talk about Postal (my mail server benchmark suite). I will present a paper about Postal at the OSDC conference later this year.