Sunday, May 20, 2007

SE Linux in Debian

I have now got a Debian Xen domU running the strict SE Linux policy that can boot in enforcing mode. I expect that tomorrow I will have it working with full functionality and that I will be able to run another SE Linux Play Machine in the near future.

For more information on my work on security features in Debian read the full version of this post on my new blog.

PC prices drop again!

A few weeks ago Dell advertised new laptops for $849AU, this was a significant development but I didn't get around to blogging about it. Now I have just discovered that they have a special deal for $799AU for a laptop including delivery! This is an amazing deal and gives you an AMD Sempron 3500 CPU (not a really fast CPU and only 32bit, but it's faster than the 1.7GHz Pentium-M that is currently satisfying all my requirements for portable computing), 512M of RAM, an 80G hard drive and a 1280x800 display.

It's far from a high-end laptop (having a lower screen resolution and less RAM than my 3yo Thinkpad) but it will suffice for most things you might want to do on the move apart from running Xen.

The exciting thing about this is that it's so cheap that most people will probably choose it in preference to a desktop system - the cheapest desktop system that Dell currently offers as a package is $898. The cheap desktop has a dual-core Athlon64, 1G of RAM, and a 160G hard drive. But for most tasks other than games such things aren't really required.

The rest of this post is on my new blog.

I must be famous ;)

I have been "name dropped". ;)

It seems that I even beat Keith Owens (*) who works in the same office, but maybe Dave hasn't met him yet...

(*) I can name drop too!

This first appeared here on my new blog.

Saturday, May 19, 2007

Planet feed polling frequency

From reading my web stats yesterday it seems that one Planet has polled my blog feed 1693 times over the first 14.25 days of this month. This is about 5 polls per hour. Another Planet has polled my blog 994 times for an average of about 3 hits per hour.

How frequently does it make sense to poll blogs?

Read the rest of this post on my new blog.

priorities for heartbeat services

Currently I am considering the priority scheme to use for some highly available services running on Linux with Heartbeat.

The Heartbeat system has a number of factors that can be used to determine the weight for running a particular service on a given node. One is the connectivity to other systems determined by ping (every system that is pingable can add a value to the score), one is the number of failures (every failure deducts a value from the total score), one is the weight for staying on the same node (IE if the situation changes and the current node is not the ideal node you might not want to immediately move the service to a different node as that gives some seconds of no service), and one is the preference for each node that may run the service.
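To make the interaction of those four factors concrete, here is an added example (my own illustrative model, not Heartbeat's code, and the weights, node names and the ping counts are assumptions) that scores each node from connectivity, failure count, stickiness for the current node and per-node preference, then walks through a constructed scenario in which connectivity on one node degrades and recovers and the other node records a failure:

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Node:
    """State of one cluster node as seen by the resource manager (constructed)."""
    name: str
    pingable: int          # hosts in the ping list this node can currently reach
    failcount: int         # recorded failures of the service on this node
    preference: int        # static preference for running the service here


@dataclass
class Policy:
    """Weights for the four factors; the values are illustrative assumptions."""
    ping_weight: int = 200      # added per reachable ping host
    failure_penalty: int = 300  # deducted per recorded failure
    stickiness: int = 150       # added to the node currently running the service
    max_failures: int = 3       # at this failcount the node may not run the service


def score(node: Node, policy: Policy, current: Optional[str]) -> Optional[int]:
    """Return the node's score for the service, or None if it is ineligible."""
    if node.failcount >= policy.max_failures:
        return None
    total = node.preference
    total += policy.ping_weight * node.pingable
    total -= policy.failure_penalty * node.failcount
    if node.name == current:
        total += policy.stickiness
    return total


def choose_node(nodes: List[Node], policy: Policy,
                current: Optional[str]) -> Optional[str]:
    """Pick the eligible node with the highest score; on a tie keep the current node."""
    scores: Dict[str, int] = {}
    for node in nodes:
        s = score(node, policy, current)
        if s is not None:
            scores[node.name] = s
    if not scores:
        return None
    # highest score first, then the current node, then name for determinism
    ranked = sorted(scores, key=lambda n: (-scores[n], n != current, n))
    return ranked[0]


def walk_through() -> List[Optional[str]]:
    """Constructed scenario: alpha's connectivity drops and recovers, then beta fails."""
    policy = Policy()
    alpha = Node("alpha", pingable=3, failcount=0, preference=100)
    beta = Node("beta", pingable=3, failcount=0, preference=0)
    nodes = [alpha, beta]
    current: Optional[str] = "alpha"
    decisions: List[Optional[str]] = []
    for step in range(5):
        if step == 1:
            alpha.pingable = 2   # one ping target lost: stickiness keeps it on alpha
        if step == 2:
            alpha.pingable = 1   # most connectivity lost: service moves to beta
        if step == 3:
            alpha.pingable = 3   # alpha recovered: stickiness prevents an immediate failback
        if step == 4:
            beta.failcount = 1   # one failure on beta: alpha wins again
        current = choose_node(nodes, policy, current)
        decisions.append(current)
    return decisions
```

The point the scenario shows is that stickiness has to be weighed against the other factors: here it absorbs the loss of a single ping target and stops the service bouncing straight back when the preferred node recovers, but it is small enough that losing most connectivity or recording a failure still moves the service. Setting the failure penalty larger than the stickiness bonus is what makes a failing node give up the service rather than hold on to it.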

The rest of this post is at this URL on my new blog.

mobile phone etiquette

Paul Dwerryhouse blogs about mobile phone etiquette

In this post on my new blog I refute most of his claims regarding mobile phones being bad.

Friday, May 18, 2007

Tom's Hardware falls victim to a trojan

E-Week has an article about the popular computer hardware review site Tom's Hardware (tomshardware.com) being hit by a trojan in a banner advert.

From the article it's not clear whether a criminal paid for a banner advert under a legitimate business name or compromised the advertising server run by an innocent third-party who paid for advertising on Tom's Hardware.

But really it doesn't matter very much for users. The facts that are clear are that Tom's Hardware is a very reputable site (that I personally visit regularly and recommend highly) that apparently did nothing wrong. Yet Windows users who visited the site who hadn't applied the latest patches had their systems compromised (and presumably used for other criminal activity). Apparently a month ago there was a patch released for the bug in question.

One thing that has to be noted is that large corporations often don't apply patches immediately. Spending a month testing a patch before deploying it widely is not uncommon in an enterprise environment. The general thinking in an enterprise is that the employees are almost always prohibited from visiting porn sites, and often prohibited from using forums and webmail services. With these things prohibited the risk of attack is dramatically reduced. Now there is evidence that even the most reputable sites, run by competent sys-admins, can be vulnerable to such attacks.

The rest of this post is on my new blog.

career risks

Paul Graham makes some interesting observations about taking risks to achieve career benefits.

One thing he doesn't mention is that the risks have to match your life situation.

The rest of this post is on my new blog.

terrorist actions I want banned

The current trend in government seems to be to do whatever they want because to do otherwise invites (or fails to prevent) terrorism.

Here are some things that might be done by terrorists which governments should consider banning:

Graffiti - could be used by terrorists to mark locations for attacks or send messages to sleeper cells. It's already illegal but that doesn't seem to stop anyone. Send the graffiti "artists" to the same places that they send illegal immigrants.

Spitting in public - could be used for biological warfare (it's effective at spreading disease).

Putting feet on seats of public transport. Shoes have been used for smuggling explosives on to commercial airline flights and could be used for bio-warfare.

Sticking gum underneath chairs. This is an obvious risk for bio-warfare.

Governments and corporations are banning photography, banning prayer in airports, and banning speaking in languages other than English. It's about time that they banned something that is actually bad.

The main URL for this post is on my new blog.

Thursday, May 17, 2007

Five ways SE Linux may surprise you

Frank Mayer of Tresys has written a great article on the techtarget.com site about SE Linux.

It seems mostly aimed at managers and novice users and explains that SE Linux isn't really that difficult to use, but is nevertheless a foundation technology that is needed for secure systems.

Check it out!

permalinks in wordpress, Apache redirection, and other blog stuff

When I first put my new blog online I didn't think to set the custom permalinks option to avoid having /index.php in all URLs (which wastes a few bytes and looks nasty).

So I decided to change to better URLs but unfortunately many people have already bookmarked the bad URLs. I wanted to give an HTTP 301 redirection when someone uses the old index.php version (so that bookmarks get updated) and then redirect to the PHP file. Unfortunately having a redirection from ^/index.php to a version without it and then a local rewrite to include index.php again doesn't seem to work (any advice would be appreciated). So I put the following in my /etc/wordpress/htaccess file (the location for such things in Debian) so that foo.php is used instead where foo.php is a sym-link to index.php. I'm wondering whether I should file a bug report against the Debian package requesting that a sym-link be in the package to facilitate such things - if it's not possible to do what I desire without the symlink.
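The loop described above happens because after the internal rewrite back to index.php the rules run again and the redirect rule matches the rewritten URL. As an added example (not the configuration from the post, and assuming the old permalinks were of the form /index.php/2007/05/post/ with the blog at the root of the site), the usual way around it without a symlink is to condition the 301 on THE_REQUEST, which holds the request line exactly as the client sent it and is not altered by internal rewrites:

```apache
# Added example, not the post's own htaccess. Assumes old URLs of the form
# /index.php/<path> that should become /<path>, with the blog served from /.
RewriteEngine On
RewriteBase /

# Redirect only when the client itself asked for /index.php/...: THE_REQUEST
# is the original request line ("GET /index.php/2007/05/foo/ HTTP/1.1") and
# stays the same when a later rule rewrites the clean URL back to index.php
# internally, so the 301 cannot fire a second time and loop.
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /index\.php/
RewriteRule ^index\.php/(.*)$ /$1 [R=301,L]

# Standard WordPress front-controller rules: clean URLs are handed to index.php
# by an internal rewrite, so the client never sees index.php in the address.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
```

The redirect rule has to come before the WordPress rules, and the query string is carried across the 301 by default. Because browsers cache 301 responses, it is worth checking the behaviour with `curl -I` against both an old and a new URL before pointing real traffic at it: a redirect loop cached by a client is painful to undo.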

The rest of this post is on my new blog.

lemonup.com - pirates

The URL http://linuxresource.lemonup.com/ currently has a mirror of my blog. Disregarding the DMCA take-down notice I sent them a week ago (which is also mirrored on their own site) they have again copied the content from my site without permission (I only allow non-commercial use). But this time they go even further and claim copyright over my text!

See the rest of this post on my new blog.

Friday, May 04, 2007

school rating

The web site http://au.ratemyteachers.com/ allows Australian students to rate their teachers. Ratings are anonymous and give teachers a score out of 5 as well as allowing students to comment on teachers.

The Sydney Morning Herald has an article about the site that describes the actions that the NSW Department of Education and the NSW Teachers Federation are taking to block the site.

The solution to this however is really quite simple. There needs to be a formal method for students to rate their teachers which will be used when it comes time to give pay rises to good teachers and dismiss or transfer to non-teaching duties the teachers who can't do their job.

I encourage students to submit essays and debate topics about the anonymous newspapers published in the Soviet Union and other repressive states, why they were necessary (because criticism of the government was prohibited) and why they were morally right (a system with no method of correction will inevitably do bad things). Then teachers will have a choice of supporting the actions of the Soviet Union or the use of ratemyteachers.com, it will be interesting to see which option they choose. I think that it's most likely that they will take the hypocritical path and support anonymous newspapers in the Soviet Union while attacking such free speech in supposedly free countries.

It's interesting that an article on the failures of Mentone Grammar has just been published. Maybe if Mentone had been listed on the ratemyteachers.com site the Taylors would not have made the mistake of sending their son there. Or maybe if the Mentone senior staff had been reading that site they would have been able to correct the problems before they became cause for a legal dispute.

The original URL for this is on etbe.coker.com.au.

DMCA etc

A few days ago I wrote my first DMCA take-down notice, I followed the instructions on the Wikipedia page. The reason for this was that someone was mirroring my blog and putting google adverts on the copy. Before I started putting Google adverts on my web sites I wouldn't have been bothered about this. But now that I'm making a small amount of money from Google advertising I don't want someone else just mirroring my content and taking the money away from me.

The person who managed the site in question took a surprisingly large amount of time to comply with the request (a discussion of several messages plus a couple of reminders over the course of a few days).

The most recent news about DMCA abuse is the case of trying to prevent the distribution of a code used for decrypting HD DVD. It is widely believed that copyright was used to prevent the distribution. Strangely many people who otherwise have a good understanding of technology have been saying "you can't copyright a number". What precisely is a program binary if not a long series of numbers (or a single large number depending on how you look at it)? For that matter a JPEG file or the ASCII representation of a book is also either a very large number or a series of small numbers. Also apparently it's not protected under copyright but under the anti-circumvention clause of the DMCA.

If it was a matter of copyright it would not be an issue of whether a number can be copyrighted, but what defines such a number. One criterion for copyright is that it has to be on something non-trivial (EG I couldn't copyright the use of "a few days ago" as an introduction) so length is a criterion. Another is that it has to be a creative expression (so an encryption key can't be copyrighted). However in many jurisdictions there are separate laws regarding distributing passwords without permission, such laws are designed for preventing people from granting unauthorised access to computers but I believe that they can be used more generally (I have been advised that such laws exist in the state of Pennsylvania in the US - I'm not sure what the law is in other regions but expect that something so useful would be copied).

Another breaking story is that the RIAA has created an organisation with a US government mandate to collect royalties on ALL music that is played over Internet radio. This includes music for which the copyright owner is not an RIAA member and does not consent to have the royalties applied. You can create your own music, grant free access to everyone out of philanthropy, and then have the RIAA tax the music!

It's unfortunate that only the down-side of this dramatic change in copyright law has been discussed. Compulsory licenses have a lot of potential in other areas of copyright material. Recently people have been complaining that government sponsored scientific research is often only published in journals that cost large amounts of money. Why not have a compulsory license for journals at a fair price that everyone can afford? Software is often unreasonably expensive (Windows Vista with the latest version of MS Office can cost up to twice as much as a new PC), let's have compulsory licenses for software at a reasonable fee! Software vendors often cease selling old versions of software to force customers to upgrade, a compulsory license scheme would permit us to buy MS-DOS 3.30 at a reasonable price regardless of whether MS wants to sell it.

Finally there is at least one evil cult that claims it's "religious" texts are copyright as a way of preventing the public from seeing what a drug-addled second-rate sci-fi author produces. Let's have a compulsory license for them so everyone can read them!

The only thing that's wrong with the RIAA scheme is that there is no option for copyright owners to directly license their material to the users (including granting a free license if they so desire). The up-side of this is that it proves beyond all doubt that the RIAA is not representing copyright owners.

Update: I initially accepted the claims about the DMCA take-down notices being based on copyright rather than anti-circumvention. Since learning of my mistake I modified this post to reflect the fact that it was not a copyright issue.

The original URL for this is on etbe.coker.com.au.

Tuesday, May 01, 2007

LUG talks today

Today I gave three talks at my local LUG. The first was my latest SE Linux talk (I’ll put the notes online soon). The second was a talk about voting.

I asked for a show of hands, who has already decided which party they will vote for at the next federal election (about 12 people put their hands up). I then asked people to put their hands down if they were not a member of the party that they intend to vote for, and there were only two raised hands in the room (including mine)!

...

The final talk I gave was about getting speakers for Linux Users’ Groups.

The full post is here.

more about Heartbeat

In my new blog I've just made a lengthy post about Heartbeat.