Planet LUV

oh dear - here I am procrastinating again... I'm meant to be working on my keynote for the K12OpenMinds Conference in Indianapolis at the end of the month. ( More about k12 openminds in another post - promise! )

Instead, I'm blogging about conferences. Well - there's so much going on in the open source, tech and edu space... First up is ACEC2008 then VITTA08: Shift Happens, The extraordinary LCA2009 and even a bit about LCA2010 and a new kid on the block... OSSPAC.

What is it about conferences? Primarily they are an opportunity to meet, mingle and dialogue with people of like minds. Large conferences have their own logistical requirements, and generally a huge amount of effort goes into making them happen, and making them happen to the satisfaction of all participants. So why do we do it?  This is something I've been pondering as my biz cc.com.au seems to be engaged in this area more frequently. Web based conference management tools really do seem to help make it easier to put an event together. But the tools enable us to go further.  Creating dialogue between speakers, and delegates in the lead up to, as well as during and after seems to concentrate attention on the primary reason for a conference...  anyway  that's more than enough 'meta-conference'!

In reverse order... OSSPAC  Open Source Singapore Pacific-Asia Conference and Expo - has announced a call for presentations and they've got an impressive bunch of heavy hitters lined up in the sponsors column...  I'll have to decide soon if I'm going to submit something.

Victoria HO of ZDnet Asia reported "According to the executive, OSSPAC is distinct from other smaller open source conferences in that the latter tend to focus on specific components of the open source community, such as the Linux OS." [1]

It's a shame this isn't happening in Australia - then again, sometimes I get the feeling that despite the vibrancy of our Open Source Industry and Free Software community, we're just not quite getting the business, education and enterprise traction necessary to make an event like OSSPAC viable in Australia.  Open CeBIT in Sydney this year was pretty woeful, and I was very disappointed not to see Linux World run again.  linux.conf.au is unashamedly technical and aimed at users and developers, regardless of where or how they're using Free and Open Source software.  Open Source Developers Conference is also not the place for the large open source vendors to tout their wares. We just don't have a successful commercially focussed event in Australia.  I wonder why? There have certainly been attempts.

linux.conf.au 2009 - Hobart. The call for papers closed a month or so ago, and reviewing has been underway - so I'm told. The papers committee will have their crucial face to face meet next weekend.
Decisions will be made. The program will be scheduled.  It's a big job.

Putting the program together is possibly the most important part of organising the conference. It legitimises participants opportunity to meet, mingle and dialogue with their peers and gurus. The scheduled presentations impact on conversations at the conference itself and also inevitably in the hallways, pubs, restaurants and college common rooms before and after.

linux.conf.au 2010 - Brisbane? Perth? or Wellington? - I've seen three very impressive bids from three very different teams. I've read debate about the merits or otherwise of the polished publications they've produced.  They've all made use of the services of their local marketing and convention bureaus.  I applaud this. The people volunteering their time to organise LCA are not experienced conference organisers, and inevitably spend a lot of time figuring out how and what needs to be done, in what order, with which suppliers, doing things themselves, or saving their energies and outsourcing. The local bureau are experienced, and have a wealth of contacts, resources and advice - building a relationship with them during the bid process is a wise investment of effort for any team serious about organising this event in their town.

Next up - The Victorian Information Technology Teachers Association annual conference and expo is in a  new venue, and will be bigger than ever! 

CC was asked to help get the conference program online so teachers registering for the conference could browse session abstracts like they could last year.  I'll be doing a lab session on Inkscape subject to NOT being in Spain for yet another conference - which I'm not sure is going ahead or not.

Finally - and most immediately is The Australian Computers in Education Conference. It happens every 2 years, is international and HUGE. I attended as a speaker in 2006 in Cairns when the event was last held.  I'm also helping on the technical committee for ACEC2010 in Melbourne. This year it is being held in Canberra.

• Roland Gesthuizen is doing foss stuff: OLPC to Help Bridge the Digital Divide and Scratching Around for a Python
• Brianna Laugher is speaking about  "Safe wiki": Teaching responsible use of Wikipedia
• Laurie Heikkila is presenting The Best Things in Life are Free!
• Jason Zagami is comparing PHP, Visual Basic, Gamemaker, Alice, and RoboLab in Which Programming Language Makes it Easier for Students to Learn to Program?

Overall though - I'm a bit disappointed there aren't more sessions on Free and Open Source Software technologies. I thought we were getting somewhere in the education sector.  But sessions at Australia's premier ICT in education conference doesn't indicate we have much to show for it. At any rate, it led me to wonder "so what is there?" Here's the results of some random searches:

Search term	Results returned
Software	30
Open Source	2
Free Software	0
Web 2	16
IWB (Interactive Whiteboard)	6
laptop	7
teacher	91
student	100
curriculum	33
technology	58
web	41
internet	12
classroom	65
learning	115
teaching	53
programming	8
revolution	8

What conclusions can be drawn from this?  I'm not come to any as yet - but I'll be thinking more about it as I study the programmes for acec, vitta and k12openminds.

Conferences... hrmmmm.

[1] Singapore to Host Open Source Conference

Is it that time already? MySQL Conference & Expo 2009 has opened the CFP.

Submit (well) early and often. It’s always an exciting (and exhausting) conf. Good technical, relevant content is what makes it good. Getting to talk to people who do amazing things, people who use your software, people looking to use it, people who want to chat about how you can learn off each other.

Any suggestions for what you’d like to hear from me (Cluster, Drizzle et al) are welcome - either via private mail or comments here.

So after seeing Paul Fenwick rave about the presenter screen for OO 3, I decided to grab the debs and give it a go.

It still is very slow opening large presentations (i.e. mine), but it does look nicer at least… well… at least some of the widgets do.

Will report back when I’ve had a bit more time to fiddle with it.

My previous post titled AppArmor is Dead [1] has inspired a number of reactions. Some of them have been unsubstantiated opinions, well everyone has an opinion so this doesn’t mean much. I believe that opinions of experts matter more, Crispin responded to my post and made some reasonable points [2] (although I believe that he is overstating the ease of use case). I take Crispin’s response a lot more seriously than most of the responses because of his significant experience in commercial computer security work. The opinion of someone who has relevant experience in the field in question matters a lot more than the opinion of random computer users!

Finally there is the issue of facts. Of the people who don’t agree with me, Crispin seems to be the first to acknowledge that Novell laying off AppArmor developers and adding SE Linux support are both bad signs for AppArmor. The fact that Red Hat and Tresys have been assigning more people to SE Linux development in the same time period that SUSE has been laying people off AppArmor development seems to be a clear indication of the way that things are goind.

One thing that Crispin and I understand is the amount of work involved in maintaining a security system. You can’t just develop something and throw it to the distributions. There is ongoing work required in tracking kernel code changes, and when there is application support there is also a need to track changes to application code (and replacements of system programs). Also there is a need to add new features. Currently the most significant new feature development in SE Linux is related to X access controls - this is something that every security system for Linux needs to do (currently none of them do it). It’s a huge amount of work, but the end result will be that compromising one X client that is running on your desktop will not automatically grant access to all the other windows.

The CNET article about Novell laying off the AppArmor developers [3] says ‘“An open-source AppArmor community has developed. We’ll continue to partner with this community,” though the company will continue to develop aspects of AppArmor‘ and attributes that to Novell spokesman Bruce Lowry.

Currently there doesn’t seem to be an AppArmor community, the Freshmeat page for AppArmor still lists Crispin as the owner and has not been updated since 2006 [4], it also links to hosting on Novell’s site. The Wikipedia page for AppArmor also lists no upstream site other than Novell [4].

The AppArmor development list hosted by SUSE is getting less than 10 posts per month recently [6]. The AppArmor general list had a good month in January with a total of 23 messages (including SPAM) [7], but generally gets only a few messages a month.

The fact that Crispin is still listed as the project leader [8] says a lot about how the project is managed at Novell!

So the question is, how can AppArmor’s prospects be improved? A post on linsec.ca notes that Mandriva is using AppArmor, getting more distribution support would be good [9], but the most important thing in that regard will be contributing patches back and dedicating people to do upstream work (Red Hat does a huge amount of upstream development for SE Linux and a significant portion of my Debian work goes upstream).

It seems to me that the most important thing is to have an active community. Have a primary web site (maybe hosted by Novell, maybe SourceForge or something else) that is accurate and current. Have people giving talks about AppArmor at conferences to promote it to developers. Then try to do something to get some buzz about the technology, my SE Linux Play Machines inspired a lot of interest in the SE Linux technology [10]. If something similar was done with AppArmor then it would get some interest.

I’m not interested in killing AppArmor (I suspect that Crispin’s insinuations were aimed at others). If my posts on this topic inspire more work on AppArmor and Linux security in general then I’m happy. As Crispin notes the real enemy is his employer (he doesn’t quite say that - but it’s my interpretation of his post).

• [1] http://etbe.coker.com.au/2008/08/23/apparmor-is-dead/


• [2] http://blogs.msdn.com/crispincowan/archive/2008/09/02/go-ahead-make-my-day.aspx


• [3] http://news.cnet.com/8301-13580_3-9796140-39.html


• [4] http://freshmeat.net/projects/apparmor/


• [5] http://en.wikipedia.org/wiki/Apparmor


• [6] http://forge.novell.com/pipermail/apparmor-dev/


• [7] http://forge.novell.com/pipermail/apparmor-general/


• [8] http://forge.novell.com/modules/xfmod/project/memberlist.php?group_id=1864


• [9] http://linsec.ca/blog/2008/09/03/crispin-responds-to-allegations-that-apparmor-is-dying/


• [10] http://www.coker.com.au/selinux/play.html

Share This

I recently moved.

I found enough of the power supplies for USB disk enclosures to power on the most crucial disks (read: the ones attached to mythtv).

However, I have a disk I use for offsite backups. I need to find the dongle for it. Can I find it? No, of course not. I’m user it’s one of these 5 boxes of misc office crap (including *lots* of cables).

Why can’t we just have a standard USB disk enclosure power cable?

Please, pretty please.

The election results are in! The members of the new committee are:

President: Donna Benjamin
Vice President: Avi Miller
Secretary: Jiri Baum
Treasurer: Wen Lin
Ordinary Members: Rodney Brown, Peter Lieverdink, James Turnbull

Happy birthday crazyjane13 for Monday!

Google have announced a new web browser - Chrome [1]. It is not available for download yet, currently there is only a comic book explaining how it will work [2]. The comic is of very high quality and will help in teaching novices about how computers work. I think it would be good if we had a set of comics that explained all the aspects of how computers work.

One noteworthy feature is the process model of Chrome. Most browsers seem to aim to have all tabs and windows in the same process which means that they can all crash together. Chrome has a separate process for each tab so when a web site is a resource hog it will be apparent which tab is causing the performance problem. Also when you navigate from site A to site B they will apparently execute a new process (this will make the back-arrow a little more complex to implement).

A stated aim of the process model is to execute a new process for each site to clear out the memory address space. This is similar to the design feature of SE Linux where a process execution is needed to change security context so that a clean address space is provided (preventing leaks of confidential data and attacks on process integrity). The use of multiple processes in Chrome is just begging to have SE Linux support added. Having tabs opened with different security contexts based on the contents of the site in question and also having multiple stores of cookie data and password caches labeled with different contexts is an obvious development.

Without having seen the code I can’t guess at how difficult it will be to implement such features. But I hope that when a clean code base is provided by a group of good programmers (Google has hired some really good people) then the result would be a program that is extensible.

They describe Chrome as having a sandbox based security model (as opposed to the Vista modem which is based on the Biba Integrity Model [3]).

It’s yet to be determined whether Chrome will live up to the hype (although I think that Google has a good record of delivering what they promise). But even if Chrome isn’t as good as I hope, they have set new expectations of browser features and facilities that will drive the market.

Update: Chrome is now released [4]!

Thanks to Martin for pointing out that I had misread the security section. It’s Vista not Chrome that has the three-level Biba implementation.

• [1] http://googleblog.blogspot.com/2008/09/fresh-take-on-browser.html


• [2] http://www.google.com/googlebooks/chrome/


• [3] http://en.wikipedia.org/wiki/Biba_Integrity_Model


• [4] http://www.google.com/chrome

Share This

Oops..

At Google, we have a saying: “launch early and iterate.” While this approach is usually limited to our engineers, it apparently applies to our mailroom as well! As you may have read in the blogosphere, we hit “send” a bit early on a comic book introducing our new open source browser, Google Chrome.

The Wikipedia page has more info, apparently it’s based on WebKit. Expect the Windows beta in the next day or so, with Linux and OSX to come. Open source of course.

a

Google Chrome

I installed debian on my mum's machine lastnight, since windows is giving her such trouble.  For the first time ever, I let the installer do its thing instead of tweak everything the way it should be (ie, fvwm, etc).  Gnome *looks* quite slick.  It even does some things correctly.  It's a tentacled mess of undocumented crap, however I didn't let that affect me because it's not my machine and I don't have to deal with it.  It suspends, resumes, resizes the screen, and does other things that it should for someone who won't be going into it too deeply.  Sure, NetworkManager has no idea how to set up a working network, but I'll shoehorn resolvconf and pdnsd into it later today after I go home, copy the .debs onto a usb thingy, and ride over to mum's house to install it.  Then I imagine that the only thing to hold me up would be the fact that mum doesn't remember her email login passwords.

But now, at work, things are a different matter.  I am getting an observing machine set up, and have to deal with gnome a lot deeper (since these are embedded computers that have a single purpose in life, I'd rather just run fvwm or window-manager-less).  Well, deep enough to open up gnome-terminal.  OK, so read a manpage.  Close the manpage with an aim of copying some text.  Alternate screen switching bites me.  OK, work through the menu options to preferentially disable alternate screen switching, or failing that, at least switch back to the alternate screen temporarily so I can copy what I was going to copy.  No dice.  Neither can I set titeinhibit in an X resource. Gnome's dumbing down bites me.  You can't do either.  Plenty of people on the net offering suggestions like removing the tite strings from the term definitions (actually, I want something analagous to XTerm.VT100.tiXtraScroll, because I like the screen at least clearing, just not losing any of the scrollback buffer).  Fuck that.  Or set -X in $LESS, which of course does a fat lot of good for any other program such as vi, or emacs, or ...

What's the point of switching screens if you can't even switch screens on demand?

Who came up with this shit, and are they proud of themselves?  Does anyone actually *use* this crap?  Or do they just point and drool?  User friendly, my arse.

The claw has chosen!

Squeeze

If you don’t recognise the name from Toy Story, here’s a small hint..

Image courtesy of Jean-Etienne Poirrier under a CC license.

a

Next Debian release name announced

I’ve swapped to a new theme called Atahualpa which looks quite nice and has a lot of configuration settings to tweak, as well as being a variable width three column theme. As usual if you spot any problems please let me know!

a

New theme - Atahualpa

Michael Janke is writing a series of posts about estimating availability of systems, here is a link to the introduction [1]. He covers lots of things that people often miss (such as cooling). If you aren’t about to implement a system for reliability then it’s an interesting read. If you are about to implement a system where reliability is required and you have control of the system (not paying someone else to run it and hope for the best) then it’s an essential read. It will probably also be good to give this URL to managers who make decisions about such things.

Interesting summary of the connections between the Iraq war and the oil industry in the Reid Report [2]. The suggestion made by one of the sources she cites is that the intention of the war was to reduce the supply of Iraqi oil to increase prices. Sam Varghese has written an essay about this which summarises where the Iraqi oil goes [3]. It seems that half of Iraq’s oil goes to US military use, the other half is used domestically, and some oil is imported as well! So because of the US occupation the country with the second largest known oil reserves is importing petroleum products! If the US military was to cease operations world-wide then the oil price would drop significantly, this doesn’t just mean the occupation of Iraq and the various actions in South America, but also the bases in Germany and Japan.

Interesting paper by Alexander Sotirov and Mark Dowd about Bypassing Browser Memory Protection in Windows [4]. This paper is good for people who are interested in computer security but don’t generally use Windows (such as me), if you want to learn about the latest things happening in Windows land then this is a good place to start.

A well researched article by Rick Moen about the unintended effects of anti-gay-marriage laws [5]. Maybe some of the “conservatives” who advocate such laws should get themselves and their spouses tested. It would be amusing if someone like Rush Limbaugh turned out to be involved in a “gay marriage”.

What Sysadmins should know about exposure to hazardous materials [6]. High-level overview of the issues, probably a good start for some google searches to get the details.

Diamond John McCain is an interesting blog about the 73 year old (who was born in Panama) candidate in the US presidential election [7].

Update: Corrected my statement about Iraq’s oil reserves based on a comment by Sam.

• [1] http://lastinfirstout.blogspot.com/2008/07/estimating-availability-of-simple_04.html


• [2] http://blog.reidreport.com/2008/08/war-for-iraqi-oil.html


• [3] http://gnubies.com/comment/oil.html


• [4] http://taossa.com/archive/bh08sotirovdowd.pdf


• [5] http://linuxmafia.com/faq/Essays/marriage.html


• [6] http://blogs.techrepublic.com.com/networking/?p=637


• [7] http://diamondjohnmccain.blogspot.com/

Share This

I just read an interesting post about latency and how it affects web sites [1]. The post has some good ideas but unfortunately mixed information on some esoteric technologies such as infiniband that are not generally applicable with material that is of wide use (such as ping times).

The post starts by describing the latency requirements of Amazon and stock broking companies. It’s obvious that stock brokers have a great desire to reduce latency, it’s also not surprising that Google and Amazon analyse the statistics of their operations and make changes to increase their results by a few percent. But it seems to be a widely held belief that personal web sites are exempt from such requirements. The purpose of creating content on a web site is to have people read it, if you can get an increase in traffic of a few percent by having a faster site and if those readers refer others then it seems likely to have the potential to significantly improve the result. Note that an increase in readership through a better experience is likely to be exponential, and an exponential increase of a few percent a year will eventually add up (an increase of 4% a year will double the traffic in 18 years).

I have been considering hosting my blog somewhere else for a while. My blog is currently doing about 3G of traffic a month which averages out to just over 1KB/s, peaks will of course be a lot greater than that and the 512Kb/s of the Internet connection would probably be a limit even if it wasn’t for the other sites onn the same link. The link in question is being used for serving about 8G of web data per month and there is some mail server use which also takes bandwidth. So performance is often unpleasantly slow.

For a small site such as mine the most relevant issues seem to be based around available bandwidth, swap space use (or the lack therof), disk IO (for when things don’t fit in cache) and available CPU power exceeding the requirements.

For hosting in Australia (as I do right now) bandwidth is a problem. Internet connectivity is not cheap in any way and bandwidth is always limited. Also the latency of connections from Australia to other parts of the world often is not as good as desired (especially if using cheap hosting as I currently do).

According to Webalizer only 3.14% of the people who access my blog are from Australia, they will get better access to my site if hosted in Australia, and maybe the 0.15% of people who access my blog from New Zealand will also benefit from the locality of sites hosted in Australia. But the 37% of readers who are described as “US Commercial” (presumably .com) and the 6% described as “United States” (presumably .us) will benefit from US hosting, as will most of the 30% who are described as “Network” (.net I guess).

For getting good network bandwidth it seems that the best option is to choose what seems to be the best ISP in the US that I can afford, where determining what is “best” is largely based on rumour.

One of the comments on my post about virtual servers and swap space [2] suggested just not using swap and referenced the Amazon EC2 (Elastic Computing) cloud service and the Gandi.net hosting (which is in limited beta and not generally available).

The Amazon EC2 clound service [3] has a minimum offering of 1.7G of RAM, 1EC2 Compute Unit (equivalent to a 1.0-1.2GHz 2007 Opteron or 2007 Xeon processor), 160G of “instance storage” (local disk for an instance) running 32bit software. Currently my server is using 12% of a Celeron 2.4GHz CPU on average (which includes a mail server with lots of anti-spam measures, Venus, and other things). Running just the web sites on 1EC2 Compute Unit should use significantly less than 25% of a 1.0GHz Opteron. I’m currently using 400M of RAM for my DomU (although the MySQL server is in a different DomU). 1.7G of RAM for my web sites is heaps even when including a MySQL server. Currently a MySQL dump of my blog is just under 10M of data, with 1.7G of RAM the database should stay entirely in RAM which will avoid the disk IO issues. I could probably use about 1/3 of that much RAM and still not swap.

The cost of EC2 is $US0.10 per hour of uptime (for a small server), so that’s $US74.40 per month. The cost for data transfer is 17 cents a GIG for sending and 10 cents a gig for receiving (bulk discounts are available for multiple terabytes per month).

I am not going to pay $74 per month to host my blog. But sharing that cost with other people might be a viable option. An EC2 instance provides up to 5 “Elastic IP addresses” (public addresses that can be mapped to instances) which are free when they are being used (there is a cost of one cent per hour for unused addresses - not a problem for me as I want 24*7 uptime). So it should be relatively easy to divide the costs of an EC2 instance among five people by accounting for data transfer per IP address. Hosting five web sites that use the same software (MySQL and Apache for example) should reduce memory use and allow more effective caching. A small server on EC2 costs about five times more than one of the cheap DomU systems that I have previously investigated [4] but provides ten times the RAM.

While the RAM is impressive, I have to wonder about CPU scheduling and disk IO performance. I guess I can avoid disk IO on the critical paths by relying on caching and not doing synchronous writes to log files. That just leaves CPU scheduling as a potential area where it could fall down.

Here is an interesting post describing how to use EC2 [5].

Another thing to consider is changing blog software. I currently use Wordpress which is more CPU intensive than some other options (due to being written in PHP), is slightly memory hungry (PHP and MySQL), and doesn’t have the best security history. It seems that an ideal blog design would use a language such as Java or PHP for comments and use static pages for the main article (with the comments in a frame or loaded by JavaScript). Then the main article would load quickly and comments (which probably aren’t read by most users) would get loaded later.

• [1] http://highscalability.com/latency-everywhere-and-it-costs-you-sales-how-crush-it


• [2] http://etbe.coker.com.au/2008/08/27/killing-servers-virtualisation-and-swap/


• [3] http://www.amazon.com/b/?node=201590011


• [4] http://etbe.coker.com.au/2008/05/28/xen-hosting/


• [5] http://www.protocolostomy.com/2008/08/27/more-adventures-in-amazon-ec2-and-ebs/

Share This

So much for Microsoft promises, according to El Reg:

The dirty secret is buried deep down in the «Compatibility view» configuration panel, where the «Display intranet sites in Compatibility View» box is checked by default. Thus, by default, intranet pages are not viewed in standards mode.

The icon they’ve selected for standards compliant pages is also a little odd..

I do prefer El Reg’s idea that they use the ACID2 test image instead..

a

Microsoft goes back on IE8 standards promise for Intranet sites

Went on a lovely lunchtime cruise. Pleasure Boat Cruises was holding one of their Corporate Open Days, which means drinks and nibbles and a short cruise around the waters of Docklands.  The weather could not have been more perfect!  What a great opportunity to test out the new camera.
Have also been working on Melbourne's Software Freedom Day event....  updating artwork, ordering stuff, getting funding etc. Great to be able to say that the Melbourne celebration is supported by the Victorian Government! Thanks to Multimedia Victoria!

Windows FAIL.

It has been suggested the current thing I’m trying to fix is actually a bug in the Microsoft linker…. and I’m quite willing to believe that.

I wonder if I can expense rehab if this Windows port leads to a drinking problem….

What can I say? I'm disappointed that such a surprisingly large number of people have bought into the fear, uncertainty and doubt.

And yet the study reveals that almost 40 per cent of voters believe the Government should be doing more to prevent terrorism

Do more what? Prevent what terrorism? The only people I see wanting to commit terrorism are those that want to blow up the TSA to rid the world of a small number of really really really stupid people.

Taxpayers' money we waste on excessive counter-terrorism measures is money we can't spend reducing the gap between white and indigenous health - or, if that doesn't appeal, on buying Olympic medals.
-- Ross Gittins

Good to see the Hollowmen back on TV. I had been missing them.

Happy birthday halloranelder for yesterday.

read more

A decent portion of last weekend was spent in wonderful company, poring over little gems on YouTube. One such gem being this scene from Jim Jarmusch's Coffee and Cigarettes. The expressions on Iggy Pop's and Tom Waits' faces at various points are what makes it absolute gold.

I don't know who came up with this idea, but they've just wasted about six hours of my Saturday: dynamic firewalling on a VPN network. It appears to block access to tcp ports, on the fly, if there's nothing listening at the remote end - and then leave them blocked for an extended period of time. So, what happens when you shut down a three-node Oracle cluster for some maintenance? Some users - or other automated processes - try to connect to them while they're down, and when they come back up again, no-one can connect at all.

This is then followed by a long, frantic attempt to prove that nothing has changed on the servers between reboots, because "this was all working fine before it was rebooted and now it doesn't work" is rather hard to argue with.

So, thanks large-telco security people. I only had four hours' sleep last night, and today I didn't even get to see daylight.

Now this is a blogworthy event (not much else has been). My computer actually crashed, and I wasn't doing anything silly and hardware related at the time. It certainly crashed in an amusing fashion.

The machine had been running under quite a high network, cpu and process load, and was running quite warm (but not too hot). I just noticed that a file I had asked a multithreaded program to save hadn't hit the disk yet (as in, wasn't even appearing in a directory listing). Then I noticed the time in my $PROMPT was about 7 minutes behind the real time, and about 7 minutes behind the time output in a previous $PROMPT. Various commands started failing when they were trying to get file information (but not always). Most of my $PROMPTS started hanging. Nothing in dmesg telling me what was wrong (other than CPU temperature related warnings). Load wasn't increasing through the roof, but load wasn't being updated because obviously time had stepped backwards. Eventually the mouse stopped responding (perhaps when time started going forwards relative to the point at which it stepped back). And all I had was alt-sysrq-s-u-b (which was recalcitrant itself).

Weird. I might have a virus :)

Hey, at least it gave me a chance to restart X and try out the fix to bug #491526.

Happy birthday stealthflower and sly_girl.

New toy showed up today, a Canon EF 200 f/1.8 L.

Shiny.

A proper test will have to wait for another day as I get to spend this weekend inside a datacenter.

The deadline for submitting a bid to host linux.conf.au 2010 is just 7 days away. For those who may have missed the announcement, here is the bid schedule:

• Call for bids: Opened 1 Aug
• Bid document deadline 1: 29 Aug
  
• LA Provides feedback on bid document 1: 5 Sep
  
• Final bid documents: 19 Sep
  

The call for papers for LCA2009 in Hobart closed and submissions are now being reviewed. A couple of weeks back Liz Tay published a story at ITnews - linux.conf.au 2009 shapes up and having overheard a few of the reviewers comments about the quality of submissions, I suspect we are once again in for an amazing conference for Linux users and developers, and their open source friends.

To be honest though, for me... the best part of all this is that I get to just sit back, watch and enjoy.

Unfortunately, Matthew is correct, and it seems that Ryan Farmer is the idiot that signed a few of us up to about 200 mailing lists this morning. Not only do I trust Matthew's analysis (and was watching him go through the various steps on IRC as it happened), but then there were two other bits.

Ryan refused to approve two of my comments I made on his latest blog entry (more than happy to screenshot this). He claimed he too had been spammed, and had to abandon his email address of a few years. Even if you ignore the length of the text blanked out in the title bar not even remotely matching the length of his personal email address, there were only 131 messages in the inbox, of which 127 were unread, and no others but spam visible. He claimed they were archived; I offered to publicly apologise if he'd do a quick screencast showing him logging into that account and showing some messages from the archive to prove the point. Unfortunately he didn't bother approving these comments. (Incidentally, if you had to 'abandon' an email address due to an avalance of newsletters, et al, which took an hour or two to fully unsubscribe from, would you still bother blacking out the address everywhere?)

As per his standard 'insult everyone with random images from the internet and YouTube videos, then wildly claim conspiracies against him' policy, he went on to claim Matthew was conspiring against him, but given the choice between Matthew conspiring and severely irritating a few of his friends in the process, and some scorned 16-year old continuing his track record of acting like an irrational, immature idiot, I know which one I'd pick.

It takes some skill to be banned from all the Ubuntu IRC channels and the Ubuntu forums both, but I guess this morning showed that was completely justified. Apologies to everyone waiting on the announcement of sponsorship for XDS, as well as hotels, but unfortunately some people just can't conceive of having better things to do than acting like chavs. Hopefully IzanbardPrince/TheAlmightyCthulu/etc goes back to impersonating Kevin Carmony, flaming the bejesus out of companies using BIOSes which trip Linux bugs, and other, equally productive, uses of his time.

Who are you?

If you're reading this blog right now could you take a moment please to leave a comment and tell me who you are?
And where did you stumble on this blog?
 - planet LA?
 - friends page on LJ ?
 - somewhere else?

What are your interests? what do you like to read about? where do you go for new news?

Do you do delicious? twitter? identi.ca?

Have you got a facebook or myspace page? Or something else?

Anything else you'd like to add?

gxine is my Linux media player of choice, partly because it's nice and light, but mostly because it just works, unlike certain other players which will remain nameless. It has a nice feature that allows only one instance of it to be invoked on any one desktop, so if you play a number of files/streams from external applications, you don't end up with multiple copies of gxine running.

Unfortunately, for the last few months, this feature has been broken in Debian (and Ubuntu too, so it seems ... and now that I look at it, the problem comes from upstream). A bit of a look into the code shows that the reason for this is that at some point, gxine moved its configuration files from $HOME/.gxine/ to $HOME/.config/gxine/ - a bizarre location which just reeks of GNOME or some other overly-pedantic committee - but the server code has been left in the old location, and hence the socket for communication can't be created.

The following (trivial) patch fixes it:

diff -urN gxine-0.5.903/src/server.c gxine-0.5.903.fixed/src/server.c
--- gxine-0.5.903/src/server.c  2008-08-08 20:29:48.000000000 +1000
+++ gxine-0.5.903.fixed/src/server.c    2008-02-12 04:18:45.000000000 +1100
@@ -40,7 +40,7 @@
 #define LOG
 */
 
-#define SOCKET_FILENAME "%s/.gxine/socket"
+#define SOCKET_FILENAME "%s/.config/gxine/socket"
 #define BUF_SIZE        1024
 
 static int       gxsocket;

Just sitting in Vienna airport now on my way back from GUADEC 2006. Got some really good and productive hacking done, pimped the Maemo platform from our stand, ate tapas, drank sangria, and drank beer on the Mediterranean, sifting the sand through my fingers before just jumping in. There was also some kind of conference arrangement going on, which was quite good.

Was also great to meet all the crew, old and new, including some of the fellow Nokia crew I met for the first time either in the bungalows or on the stand.

The advantages of being in Catalunya soon became clear as well (if they weren't already), when the bartender started bringing us free drinks -- shots of some kind of something or other which was utterly incredible -- and taking photos of all of us, either because we were buying lots of drinks, because he liked Jono's beard, or because Bastien and one of the VMWare dudes showed up to cheer loudly for France in the soccer, Bastien with his French shirt on. Took a bunch of pictures when I went to Barcelona which I'll upload at some stage; hijacked Ross's DSLR for a while too, and managed to take about two hundred pictures of the same peoples' heads, half of them out of focus.

The food varied from great to gold-plated, diamond-embezzled, awesome, of course. The only real complaint was the absolutely oppressive heat; not even as bad as Melbourne in summer, but still oh-my-god-I'm-dying-how-long-till-I-get-back-to-Helsinki.

Thanks for a fantastic conference, Quim and team!

Have been feeling rather unwell for the past couple of days, so I decided, while I feel like death warmed up, how could hacking at Valgrind possibly make it worse?

I took Tilman Sauerbeck's extended version of Dave Airlie's valgrind-mmt, and cleaned up a couple of minor bits -- changed the offset to be specified in hex, added support for repetitions (e.g. 'repeated 255 times', instead of the same line 256 times over), and also added support for the in*/out* family on AMD64, which was quite entertaining as I've not really touched either assembly or Valgrind before. Got it working in the end, despite libVEX's best efforts to frustrate me, and ended up feeling slightly better as well. Huzzah.

Anyway, 'sudo valgrind --tool=mmt --offset=0xc1000000[0] /usr/bin/Xorg :0 -ac > x.log 2>&1' will trap all MMIO accesses made by X or its VBIOS, provided you run the BIOS through x86emu instead of lrmi.

Postscript: spent a few minutes after writing this trying to figure out if there was anything I should've said, and didn't. Now, hours later, I realise there was one minor detail omitted: the URL. gitweb is just there, and the anonymous clone URL is git://people.freedesktop.org/~daniels/valgrind.

[0]: Get the base address with lspci -v. Your video card should have two PCI regions, of which one is big (your main video memory), and the other one is 32 or 64kB (the MMIO space, i.e. the bit you want).

Everyone on #xorg-devel has seen me harassing people about our current stats with bugs. If anyone with knowledge of the X codebase felt like coming in and doing a bunch of really painful, unrewarding, triage work, it'd be massively appreciated. That NEW line should really continue plummeting down! On that note, I'd like to publicly big up Erik Andren in particular, for doing a ton of awesome triage work so far to help us get that graph down, and help beat our Bugzilla into something usable that helps us, rather than its current awfulness.

I think I found ours this afternoon, I was installing a new test (2.6.24) kernel on it and noticed that update-grub found some very old kernels, the oldest (2.0.36) has a modification date of July 1999 which must be close to a record (and as far as I can tell is the systems install date).

Given the date & kernel the box was probably installed with the then-new Debian Slink (released in March that year).

That means the box has been in production (yes, with one hardware refresh) for over nine years.


sncrtr1:~# update-grub
Searching for GRUB installation directory ... found: /boot/grub .
Testing for an existing GRUB menu.list file... found: /boot/grub/menu.lst .
Searching for splash image... none found, skipping...
Found kernel: /vmlinuz-2.6.24-1.editure.1-686
Found kernel: /vmlinuz-2.6.20.3-p3
Found kernel: /vmlinuz-2.4.31-myinternet.1-p3
Found kernel: /vmlinuz-2.4.29-myinternet.2-p3
Found kernel: /vmlinuz-2.4.29-myinternet.1-p3
Found kernel: /vmlinuz-2.4.26-myinternet-p3
Found kernel: /vmlinuz-2.4.25-myinternet-p3
Found kernel: /vmlinuz-2.4.21-myinternet-p3
Found kernel: /vmlinuz-2.2.25-myinternet
Found kernel: /vmlinuz-2.2.23-myinternet
Found kernel: /vmlinuz-2.0.36
Updating /boot/grub/menu.lst ... done


Vodafone in Australia offers a pretty good mobile data plan - 5Gb for $39.95 per month. They have recently upped the price to $49.95 p/m.

Unlike 3, vodafone doesn't offer a public IP addresses to their "mobile broadband" customers. Vodafone pitch this as a business product. I don't agree with it, but I can see how you could justify only offering a NAT'd IP address when using your handset to access the internet or maybe even as a tethered modem. Such logic can't be sustained when offering a HSDPA modem as a "mobile broadband" service. If it is mobile "broadband" then it should be similar to a fixed line broadband service.

After discovering VF only offer a handful of gateways for their data customers, I tried finding out about getting a dynamic public IP address.

To cut a long story short, after 4 calls to data support, and about the same to corporate support, I was at a dead end. Consumer data support told me that I needed to talk to Corporate data support, who wouldn't talk to me as I wasn't a corporate customer.

Eventually I gave up and called the TIO, who, as always were great. I then called the Vodafone complaints team who struggled with all the details of broadband, public IPs, gateway IPs, various service acronyms and the terms which I had agreed to.

After a few more phone calls and waits I was finally awarded my dynamic static IP address. They add something to your account to give you access to the full access APN which gives you a public IP and no port restrictions. For the record the APN is "internet", instead of the normal "vfinternet.au", but this won't work unless VF enable it for you. I some how think Vodafone award access as a prize for persistence.

I did a quick check on the vf.au site again tonight and it seems the small print is the same, so if you sign up for the service I think you have good ground for getting a public dynamic IP like I did. It will just take jumping through a few hoops.

Update: The title should have read public not static IP.

They drove through my little town, taking pictures of my flat, my work (the enormous white phallic (yet fuzzy, and hence SFW) thing in the background. If they asked, I'm sure we would have let them up to the dome), and the two ginormous hills between my flat and my work? Cool! (Not that I'm going to show you where I live :). That's a lot of effort to go to for the sake of a town with 2500 people in it. But most impressive, is that they must have driven through town in December last year, because they drove through the flooded weir at the bottom of town. In the one time it had been flooded in the past year. I was going to call them stupid, but most of the water had already gone -- it had been up to the top of the road at its heights. Those floods were really rushing. Clearly, the satellite view pictures had been taken at an entirely dryer time.

...but unfortunately, I can't.

We had to wait six years for that? Puh-lease.

Posted several days later, but just copy/pasted from what I wrote on the flight.

I'm writing this from my economy class seat on a Qantas flight from Melbourne to New York for the HOPE conference. As the flight was delayed by over three hours (which may cause me to miss my connection to New York, either way it will be tight) so I'll soon (well, in another nine hours) get to experience some of the sights & sounds referenced in the book, both from the US Government & the hackers fighting against them.

I come to Little Brother with a different perspective then most as my day job is to run large-scale systems that filter web & e-mail for primary & high school students worldwide (>2 million direct users) so anything that allows students to bypass our systems would of course be considered a bug.

The concept & use of pervasive tracking presented in the novel is both depressing and seemingly quite likely. I really do hope that schools don't get forced (won't somebody please think of the children!) into some version of this. Working with schools I know how tight the purse strings are, and, at least in Australia, I feel confident that this wouldn't get deployed unless & until legislation was padded requiring its use. Simple surveillance is more likely, and less objectionable as the "but everybody else is doing it" excuse will hold some sway here.

The sad fact of life is that w15t0n's father would be extremely common, as we've seen in America, with so few people objecting to the erosion of their civil liberties even when presented with some solid evidence.

So from my perspective could ParanoidLinux work. In short no. The problem is it's easy to do cross-comparisons of an aggregate of users and do exactly the sort of profiling suggested in the book. The mere act of overwhelming the data collection systems is data in itself.

Xnet on the other hand could work. There's practical problems with NAT's etc, but there's absolutly no reason why it couldn't work, especially when a net like that actually scales. TOR itself is an example of the concept, a closer one might be FreeNet.

However, there are simpler solutions that would actually work. IP-Over-DNS does actually work most of the time. I only know of a few cases where people have created intellegent caching DNS implementations that block IP-Over-DNS. However if you have a server available, just having SSH listen on port 443 works just as well most of the time as people very rarely ensure that the port someone does a "CONNECT" to is actually HTTPS.

As for myself, all of my important communications are encrypted via SSL or PGP, with keys verified wherever possible. While I don't encrypt my laptop's hard drive I do use encrypted swap to hopefully ensure data I keep stored encrypted (like the backup passwords for several hundred servers around the world) can't be easily leaked. I do also gain some small measure of protection by running a 64-bit linux, instead of something where government trojans might be more easily available.

So will I buy the print book? I'm not sure; if I happen to see it in a shop, probably, but otherwise I guess not. On another hand I'll certainly be recomending it to people.

In light of this week's expensive, overhyped mass hysteria and worshipping of false idols (of the hypocritical, old, sexist, mysogynistic male variety) - not to mention the cynical marketing exercise - and the fawning, uncritical press it has been receiving from the Murdoch tabloid and semi-tabloid media (and even bloody SBS, although they should know better), I felt it might be an appropriate time to note that in some parts of Australia, blasphemy may still be a crime.

From an article by Kate Gilchrist, published in Arts Monthly in 1997:

"The existence of blasphemous libel is unclear in Australia. Each State has its own criminal law which suggests different positions. The fact that in Victoria, under section 469AA of the Crimes Act 1958 (Vic), blasphemous publications may be seized, may indicate the possible existence of blasphemous libel in Victoria. In New South Wales the criminal offence of blasphemous libel is still recognised by explicit reference to the offence in the Defamation Act 1974 (NSW) and the Crimes Act 1900 (NSW). The Australian Capital Territory has adopted the NSW Crimes Act. In Tasmania there is express reference to blasphemous libel in the Tasmanian Criminal Code. In Queensland and Western Australia, where there are criminal codes, the offence of blasphemous libel has been abolished. The position is unclear in South Australia and the Northern Territory where there is no express mention of blasphemous libel in the criminal legislation. With respect to the Commonwealth, there is no express offence of blasphemous libel in the Crimes Act 1914 (Cth) although there is other Commonwealth legislation that refers to blasphemy.

If blasphemy is a crime, then like media-shifting and copy-control circumvention, it is an utterly victimless crime. And like those two other victimless crimes, it is one committed by thousands of people every day, and is almost never policed.

Thus, I would like to declare this week to be World Blasphemy Day (if the Catholics can string 24 hours out for an entire seven days, then so can I). Legislation should have an element of logic to it; we shouldn't have archaic, irrelevent laws created from works of fiction like the bible, that give vocal zealots a free kick at non-believers and critics, and are so vague that they present authorities with ample opportunity for victimisation of anyone they take a dislike to.

So fer chrissake, it's time to tell governments and religions where they can stick their blasphemy laws.

Arrived last night into JFK, I tried the AirTrain to Jamaica then the Subway to Penn Station. Went well and I'd suggest it to anyone (well, anyone who has the self confidence to board a foreign subway by themselves at 10PM).

Two things the Melbourne system has that the NYC one doesn't are "next train" boards and breaks that don't squeal painfully at every stop.

On the other hand the New York system clearly works well with a huge number of passengers, and I've not had longer then a five minute walk to a station. If you're in New York I strongly suggest purchasing the unlimited MetroCard, it just gives you the freedom to go where you want.

This morning I took a recommendation from an old friend of mine (Albert Ullin on the off-chance anyone reading this knows him) and took the Circle Line's 3 hour long water tour of Manhattan. It was an excellent voyage, and I managed to fill up a 4GB CF card with the photos (the flickr upload will have to wait until I get some decent bandwidth). I managed to get some decent shots of all five of the man made waterfalls, and also more helicopters then I normally see in a year.

After the tour I went to see the Citicorp Tower to see if the building was as impressive in real live as in photos. Unfortunately shops have been built around the base making it seem like just another skyscraper, really disappointing.

I dropped by the 5th Avenue Apple store where there was a very large line of people outside waiting to buy 3G iPhone's. I went in where it was also very busy and picked up the Shure add-on to allow using any headphones as a headset.

Then I walked across to Central Park where I had a nice relaxing (well, no it was 30+ and I was sweating like hell) walk across the park to the natural history museum where I caught the subway back to my hotel.

By the time I made it back HOPE preregistration had started and I headed on down and got myself my RFID badge in preparation for what should be an excellent time.

This evening Fog Creek Software (Joel Spolsky's company) had an open house with plenty of food, wine and good conversation. I got some nice shots of the offices, and saw with interest the plans for their new offices which are no longer slanted.

On my way back to the Hotel I walked past B&H photo, but they had just closed for the day. I guess I'll try again some other time.

It was only once I had walked back to the hotel and was chatting with some of the HOPE people that I finally got a genuine New York welcome (well, sorta), I've been in the city for a day now, and finally heard someone tell someone else to "F#$% off".

Dave Hall Consulting has been growing strongly. We currently have a couple of contractors working on various projects. We are about to commence a significant new project and so need more hands on deck.

We are not looking for website developers. If you are a web application developer with at least 2 years commercial PHP experience looking for contract work, email your resume to jobs@davehall.com.au. Make sure you include links to code you have worked on.

You should have FOSS development experience, although some of the work will be proprietary client systems, they will be built on top of FOSS stacks. We are based in Melbourne, but the current team is distributed, so telecommuting is fine. Experience with cross platform JS and CSS is essential. Knowledge of Zend Framework, PHPUnit and YUI are preferred. We value elegant quality solutions, as should you. A good grasp of written and spoken English is a must. Pay, hours and term of contract are all negotiable.

Update: The job has gone. We have one new contractor starting today and another will be starting work on small projects soon.

A couple of days ago I was emailed a scanned invoice as a PDF. I was planning to just print it and file it, as the tax office here still requires dead tree records for 7 years last time I checked. Before printing it on 100% post consumer waste recycled paper, I opened it in evince. Nothing spectacular in any of that.

Then it happened, I accidentally clicked and dragged on the page. All of a sudden evince was highlighting the printed text on the page. This was a bitmap embedded in a PDF. Evince was using OCR to highlight the contents of the page.

There are moments every so often I am amazed by the features talented hackers add to FOSS. This was one of those moments. I will never look at evince the same way again.

I had a similar reaction when properly using the awesomebar in firebox 3 for the first time.

Update After seeing the comment below from Mr X, I checked evince with a few more PDFs and unfortunately evince wasn't doing OCR in real time. The text is embedded in the PDF. Maybe one time this will be possible. Any evince developers reading, please consider this a feature request.

I am still impressed with evince, just a little less impressed than I was.

Yesterday Internode annouced that they will be hosting the Australian SourceForge.net mirror. Internode has been a long term supporter of FOSS. They are one of the few ISPs who officially support Linux. They offer their massive mirror, which has terabytes of FOSS, to the world.

The new SourceForge mirror will be available to the world. The Australian mirror was previously hosted by Optus. Optus hosts other mirrors for FOSS projects including ubuntu. Unfortunately their mirrors are not as reliable as many users would like. The Australian sf.net mirror should be rock solid if Internode's past performance is anything to go by.

Like the other content Internode mirrors, the sf.net mirror will be unmetered for node's ADSL customers. This is in addition to a large amount of other unmetered content, such as ABC content, almost 100 streaming radio stations and other services..

I use and recommend internode to anyone who is interested in high quality ADSL services. The support for FOSS is a secondary consideration, as it is pointless having access to it all, but the connection being down all the time.