Planet LUV

July 03, 2009

Tim ConnorsIF YOU ARE A BRASS MONKEY, I STRONGLY ADVISE YOU TO STAY IN THE CONTROL ROOM

Dammit, it's 1.4 degrees, and it's *raining*, not snowing. Why can't it snow? Ok, so it's a phase change and phase changes take energy and are hard. But it was already frozen when it was in the clouds, so it takes more energy to heat it up to falling rain water drops, rather than let it stay frozen and give me my snow!

OK, so next you'll use the excuse that it's not falling from the clouds and hence never was in the form of hail; it's just precipitating from the fog surrounding the mountain[1], but pishtosh. I want my snow.


PS. The subject of this post was the easter egg featuring in the old CCS control system (they dedicated 40+ words[3] out of the 2.5Mwords available to an easter egg‽) if you entered an atmospheric temperature of 0degC or below. I found it only once in the 2 two winters I worked with it before the CCS was replaced. I tried to convince the other software guy up here to add that to the status display of the new TCS when he encountered -0.4degC a couple of weeks ago.

PPS. US patent 4634021 is cool. As is Stanthorpe, Queensland. Quite cool.

[1] Last time I was on shift, I had my motorbike up here, and *really* had to get it down off the mountain at the end of shift so I could go riding on the 5 day long weekend[2]. And I woke to a torrential downpour. But I knew all I needed was 5 minutes to get off the mountain, and I'd be fine to get home. I had to wait more than 2 hours for that 5 minute gap, and not before 90mm of rain fell. Indeed, at the bottom of the mountain, the road was relatively dry -- in town, 5mm had fallen the whole day. Who decided to build an observatory in a dam rainforest? (sorry, I'm channeling the American sitting across from me waiting to finally get some observing in one of these days).

[2] The weather was bad. I decided to stay inside instead.

[3]
      INTEGER*2 MBM(38)
C
      DATA MEM / 'ENTER METEOROLOGICAL PARAMETERS '/
      DATA MCU / '(CURRENTLY  #^^ DEG C,  #^^^ MM HG) '/
      DATA MMP / 'METEOROLOGICAL PARAMETERS:'/
      DATA MT  / '  TEMPERATURE  =  #^^  DEG C'/
      DATA MP  / '  PRESSURE     = #^^^  MM HG'/
      DATA MBM / 'IF YOU ARE A BRASS MONKEY, I STRONGLY AD',
     :                 'VISE YOU TO STAY IN THE CONTROL ROOM'/
...
      IF (T .GT. 0.0) GO TO 300
      CALL IODO('OW.',6,MBM,76)
      GO TO 300

July 02, 2009

etbeDomainKeys and OpenSSL have Defeated Me

I have previously written about an error that valgrind reported in the STL when some string operations were performed by the DKIM library [1]. This turned out to be a bug, Jonathan Wakely filed GCC bug report #40518 [2] about it, Jonathan is one of many very skillful people who commented on that post.

deb http://www.coker.com.au lenny gcc

I’m still not sure whether that bug could actually harm my program, Nathan Myers strongly suggested that it would not impact the correct functionality of the program but mentioned a possible performance issue (which will hurt me as the target platform is 8 or 12 core systems). Jaymz Julian seems to believe that the STL code in question can lead to incorrect operation and suggested stlport as an alternative. As I’m not taking any chances I built GCC with a patch from Jonathan’s bug report for my development machines and then built libdkim with that GCC. I created the above APT repository for my patched GCC packages. I also included version 3.4.1 of Valgrind (back-ported from Debian/Unstable) in that repository.

Nathan Myers also wrote: “Any program that calls strtok() even once may be flagged as buggy regardless of any thread safety issues. Use of strtok() (or strtok_r()) is a marker not unlike gets() of ill thought out coding.” I agree, I wrote a program to find such code and have eliminated all such code where it is called from my program [3].

I think it’s unfortunate that I have to rebuild all of GCC for a simple STL patch. My blog post about the issue of the size and time required to rebuild those packages [4] received some interesting comments, probably the most immediately useful one was to use --disable-bootstrap to get a faster GCC build, that was from Jonathan Wakely. Joe Buck noted that the source is available in smaller packages upstream, this is interesting, but unless the Debian developers package it in the same way I will have to work with the large Debian source packages.

I have filed many bug reports against the OpenSSL packages in Debian based on the errors reported by Valgrind [5]. I didn’t report all the issues related to error handling as there were too many. Now my program is often crashing when DomainKeys code is calling those error functions, so one of the many Valgrind/Helgrind issues I didn’t report may be the cause of my problems. But I can’t report too many bugs at once, I need to give people time to work on the current bug list first.

Another problem I have is that sometimes the libdkim code will trigger a libc assertion on malloc() or free() if DomainKeys code has been previously called. So it seems that the DomainKeys code (or maybe the OpenSSL code it calls) is corrupting the heap.

So I have given up on the idea of getting DomainKeys code working in a threaded environment. Whenever I need to validate a DomainKeys message my program will now fork a child process to do that. If it corrupts the heap while doing so it’s no big deal as the child process calls exit(0) after it has returned the result over a pipe. This causes a performance loss, but it appears that it’s less than 3 times slower which isn’t too bad. From a programming perspective this was fairly easy to implement because a thread of the main program prepares all the data and then the child process can operate on it – it would be a lot harder to implement such things on an OS which doesn’t have fork().

DomainKeys has been obsoleted by DKIM for some time, so all new deployments of signed email should be based on DKIM and systems that currently use DomainKeys should be migrating soon. So the performance loss on what is essentially a legacy feature shouldn’t impact the utility of my program.

I am considering uploading my libdomainkeys package to Debian. I’m not sure how useful it would be as DomainKeys is hopefully going away. But as I’ve done a lot of work on it already I’m happy to share if people are interested.

Thanks again for all the people who wrote great comments on my posts.

Stewart SmithDogfooding a pastebin

http://pastebin.flamingspork.com/

A pastebin running Drizzle and  the Drizzle PHP Extension (which is on top of libdrizzle).

Chris SamuelTwitter Updates for 2009-07-02

  • It's not just Canberra @sabman, have a look at Geelong http://bit.ly/vhhEh
    :-) #osm #
  • Which kernel are you using @timfaas ? There was a kernel bug that caused a big regression in sqlite performance from 2.6.26-28, fixed i … #
  • RT @774melbourne – 'BOM: "Batten down the hatches!" Severe weather heading across the state, storms to hit Melbourne from 11pm.' #
  • RT @alecmuffett – history of abermud: http://bit.ly/19jNGw #

Powered by Twitter Tools.

This post syndicated from the website of Chris Samuel:

Twitter Updates for 2009-07-02

etbeWeb Hosting After Death

Steve Kemp writes about his concerns for what happens to his data after death [1]. Basically everything will go away when bills stop being paid. If you have hosting on a monthly basis (IE a Xen DomU) then when the bank account used for the bill payment is locked (maybe a week after death) the count-down to hosting expiry starts. As noted in Steve’s post it is possible to pay for things in advance, but everything will run out eventually.

One option is to have relatives keep the data online. With hard drives getting bigger all the time it wouldn’t be difficult to backup the web sites for everyone in your family to a USB flash device and then put it online at a suitable place. Of course that relies on having relatives with the skill and interest necessary.

The difficult part is links, if the domain expires then links will be broken. One way of alleviating this would be to host content with Blogger, Livejournal, or other similar services. But then instead of the risk of a domain being lost you have the risk of a hosting company going bankrupt.

It seems to me that the ideal solution would be to have a hosting company take over the web sites of deceased people and put adverts on them to cover the hosting costs. As the amount of money being spent on Internet advertising will only increase while the costs of hosting steadily go down it seems that collecting a lot of content for advertising purposes would be a good business model. If the web sites of dead people are profitable then they will remain online.

It wouldn’t be technically difficult to extract the data from a blog server such as Wordpress (either from a database dump or crawling the web site), change the intra-site links to point to a different domain name, and then put it online as static content with adverts. If a single company (such as Google) had a large portion of the market of hosting the web sites of dead people then when someone died and had their web site transferred the links on the other sites maintained by the same company could be automatically adjusted to match. A premium service from such a company could be to manage the domain. If they were in the domain registrar business it would be easy to allow someone to pay for 10 or 20 years after their death. Possibly with a portion of the advertising revenue going towards extending the domain registration. I think that this idea has some business potential, I don’t have the time or energy to implement it myself and my clients are busy on other things so I’m offering it to the world.

Cory Doctorow has written an article for the Guardian about a related issue – how to allow the next of kin to access encrypted data when someone is dead [2]. One obvious point that he missed is the possibility that he might forget his own password, a small injury from a car accident could cause that problem.

It seems strange to me that someone would have a great deal of secret data that needs strong encryption but yet has some value after they are dead. Archives of past correspondence to/from someone who is dead is one category of secret data that is really of little use to anyone unless the deceased was particularly famous. Probably the majority of encrypted data from a dead person would be best wiped.

For the contents of personal computers the best strategy would probably be to start by dividing the data into categories according to the secrecy requirements. Publish the things that aren’t secret, store a lot of data unencrypted (things that are not really secret but you merely don’t want to share them with the world), have a large encrypted partition that will have it’s contents lost when you die, and have a very small encrypted device that has bank passwords and other data that is actually useful for the executors of the will.

One thing that we really need is to have law firms that have greater technical skills. It would be good if the law firms that help people draw up wills could advise them on such issues and act as a repository for such data. It seems to me that the technical skills that are common within law firms are not adequate for the task of guarding secret electronic data for clients.

July 01, 2009

Tim ConnorsThe Very Bloody Fast Train

Imagine if Australia was enlightened enough to have fast passenger and freight train travel.



(youtube link for Planet viewers)

That would be *awesome* to be on that bridge as this train goes under it. Where do I sign up to be one of the geeks behind big the control panel?

Ben McGinnes

Chris SamuelTwitter Updates for 2009-07-01

Powered by Twitter Tools.

This post syndicated from the website of Chris Samuel:

Twitter Updates for 2009-07-01

Chris SamuelTwitter Updates for 2009-07-01

Powered by Twitter Tools.

This post syndicated from the website of Chris Samuel:

Twitter Updates for 2009-07-01

June 30, 2009

Chris SamuelTwitter Updates for 2009-06-30

Powered by Twitter Tools.

This post syndicated from the website of Chris Samuel:

Twitter Updates for 2009-06-30

Ben McGinnesIs that an email I see before me?

The Australian press have been trying to fill the news cycle in recent weeks with allegations of nefarious political machinations pertaining to a "fake email" in the OzCar affair (known by most as Utegate and, thanks to [info]lokicarbis, to some as Email Overboard). While there has been a great deal on the accusations made by various politicians against each other, there is very little on the nature of the email such as whether it was made out of whole cloth (i.e. something that looks like an email in an inbox, but was never sent) or whether it is a spoofed email (i.e. an email that was sent with a fraudulent From header).

Anyone familiar with installing or operating mail server knows how incredibly easy it is to spoof an email address. I could send an email to anyone which appears to come from president@whitehouse.gov, but I know that anyone looking at the headers would be able to determine the true source and that it never passed through any of the whitehouse.gov servers. While most of the rest of the online world is aware that spam is hardly ever from the email address it appears to come from. So spoofed email is not really a new concept to anyone these days.

As common and fairly easy as it is to spoof an email, it is also fairly easy to employ methods to counter this through the use of digital signatures. While a digital signature does not prevent someone from spoofing an email which appears to come from another party, if that other party is using a digital signature it is easy to determined that an unsigned or badly signed message may be faked. Using myself as an example again, this is why I use an OpenPGP compliant digital signature with my email.

The advantage of using an OpenPGP (usually PGP or GPG) key rather than the type of signature built into different email clients is the existing interoperability between operating systems and email clients. With plugins for Firefox it is also easy to use it with web based email systems. The other obvious advantage is that the same system includes encryption for those who want or need it.

When I first started using PGP in 1995, with version 2.3a for DOS, it was understandable that not everyone would have been happy to use it. In the intervening years there have been enough improvements with GUIs and alternate interfaces for the software that there is no real reason to prevent people from adopting it. Especially if there is any concern regarding email spoofing or identity theft in either their public or private communications.

Which brings me to my obvious question: why doesn't the Australian public service employ a method of digitally signing email?

If there were a policy of digitally signing messages sent by public servants and political staff it would not have been possible for this current issue to even occur. Well, a fake email could be created or sent, but it would be very simple to identify that it was fake.

I can see that there might be a reason for all email in the public service being sent in the clear or, if encrypted, always copied to a master key in addition to the recipient(s) for the sake of transparency of government - which is an important aspect of the democratic process. Aside from this issue, which is easily addressed, there is no reason why the public service and politicians can't adopt OpenPGP compliant software.

As it happens, some people at Parliament House have used OpenPGP, as this list shows. No doubt most of them are public servants and staffers, but there are two Senators, one current MP and one former MP on that list, including the current Minister for Foreign Affairs.

I can, of course, guess at the probable answers to my question: ignorance and apathy.

June 28, 2009

etbeValgrind and OpenSSL

I’ve just filed Debian bug report #534534 about Valgrind/Helgrind reporting “Possible data race during write” [1]. I included a patch that seems to fix that problem (by checking whether a variable is not zero before setting it to zero). But on further testing with Valgrind 3.4.1 (backported from Debian/Unstable) it seems that my patch is not worth using, I expect that Valgrind related patches won’t be accepted into the Lenny version of OpenSSL.

I would appreciate suggestions on how to fix this, the problem is basically having a single static variable that is initialised to the value 1 but set to 0 the first time one of the malloc functions is called. Using a lock for this is not desirable as it will add overhead to every malloc operation. However without the lock it does seem possible to have a race condition if one thread calls CRYPTO_set_mem_functions() and then before that operation is finished a time slice is given to a thread that is allocating memory. So in spite of the overhead I guess that using a lock is the right thing to do.

deb http://www.coker.com.au lenny gcc

For the convenience of anyone who is testing these things on Debian and wants to use the latest valgrind, the above Debian repository has Valgrind 3.4.1 and a build of GCC to fix the problem I mentioned in my previous blog post about Valgrind [2].

if (default_RSA_meth == NULL)
default_RSA_meth=RSA_PKCS1_SSLeay();

I have also filed bug #534656 about another reported race condition in the OpenSSL libraries [3]. Above is the code in question (with some C preprocessor stuff removed). This seems likely to be a problem on an architecture for which assignment of a pointer is not an atomic operation, I don’t know if we even have any architectures that work in such a way.

static void impl_check(void)   {
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
        if(!impl)
                impl = &impl_default;
        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
}
#define IMPL_CHECK if(!impl) impl_check();

A similar issue is my bug report bug #534683 [4] which is due to a similar issue with the above code. If the macro is changed to just call impl_check() then the problem will go away, but at some performance cost.

I filed bug report #534685 about a similar issue with the EX_DATA_CHECK macro [5].

I filed bug report #534687 about some code that has CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); before it [6], so it seems that the code may be safe and it may be an issue with how Valgrind recognises problems (maybe a Valgrind bug or an issue with how Valgrind interprets what the OpenSSL code is doing). Valgrind 3.3.1 reported many more issues that were similar to this, so it appears that version 3.4.1 improved the analysis of this but didn’t do quite enough.

I filed bug report #534706 about the cleanse_ctr global variable that is used as a source of pseudo-randomness for the OPENSSL_cleanse() function without locking [7]. It seems that they have the idea that memset() is not adequate for clearing memory. Does anyone know of a good research paper about recovering the contents of memory after memset()? I doubt that we need such things.

I filed bug report #534699 about what appears to be a potential race condition in int_new_ex_data() [8]. The def_get_class() function obtains a lock before returning a pointer to a member of a hash table. It seems possible for an item to be deleted from the hash table (and it’s memory freed) after def_get_class() has returned the pointed but before int_new_ex_data() accesses the memory in question.

I filed bug report #534889 about int_free_ex_data() and int_new_ex_data() which call def_get_class() before obtaining a lock and then use the data returned from that function in a locked area[9] (it seems that obtaining the lock earlier would solve this).

I filed bug report #534892 about another piece of code which would have a race condition if pointer assignment isn’t atomic, this time in err_fns_check() [10]. In my first pass I didn’t bother filing bug reports about most of the issues helgrind raised with the error handling code (there were so many that I just hoped that there was some subtle locking involved that eluded helgrind and my brief scan of the source). But a new entry in my core file collection suggests that this may be a problem area for my code.

I think that it is fairly important to get security related libraries to be clean for use with valgrind and other debugging tools – if only to allow better debugging of the code that calls them. I would appreciate any assistance that people can offer in terms of fixing these problems. I know that there are security risks in terms of changing code in such important libraries, but there are also risks in leaving potential race conditions in such code.

As an aside, I’ve filed a wishlist bug report #534695 requesting that valgrind would have a feature to automatically add entries to the suppressions file [11]. As a function that is considered to be unsafe can be called from different contexts, and code that is considered unsafe can be in a macro that is called from multiple functions there can be many different suppressions needed. Pasting them all into the suppressions file is tedious.

June 25, 2009

Ben McGinnes

Ben McGinnesImprovising Canon Rock

[info]dolphinsteak just pointed me to this gem on YouTube and all the rock and metal fans here will love it:



Consider for a moment that this kid was 16 when he did this.

Tim ConnorsKitties!

Excuse me, drunk, may make a balls up of this flow chart:

                                    Applied for job in Sydney by closing date? 
                                         /            /
                                        / yes        / no
                                       /            /
                                 offered job?      /
     ________________               /   \         /
    |                |             /yes  \no     /
    |                v            /       \     /
    |         re-evaluate at a later date  \   /
    |  Is kitty-obtaining suitable yet?     \ /
    |             /            \             v
    |            |no            \yes        /                    
    |____________|               \         /
             oh well, try         \       /
           again next year         \     /
                                    \   /
                                     \ /
                                      v 
                             Get a siamese kitty
                                     


This post inspired by this

June 24, 2009

etbeMicrosoft Open Source Information Evening

I have just attended a Microsoft Open Source Information Evening. It was in some ways one of the stranger things that I have experienced in my computer career.

Firstly there was the location, it was in a function room in the CBD, it was convenient for public transport and had good service but seemed likely to be quite expensive. A MS employee said that they believed that some people wouldn’t want to enter an MS office – I can’t imagine why they think that they could convince people who refuse to enter the MS office of anything if they got them to attend. As there were only about 6 people who weren’t from MS it seems likely that they paid something in excess of $200 per head for each non-MS delegate (I can’t imagine two function rooms, two dedicated hotel employees manning the bar, and a supply of food for a larger audience costing less than $1200).

If they had spent $100 per head for us all to have dinner at a good restaurant then I think that the result would have been better. They might want to consider running targeted meetings in future with a small number of people personally invited to dinner at a good restaurant. That said, the dinner of duck canapes and asian-style chicken noodles that they provided was pretty good.

I suggested that they should find other ways of promoting such events as the audience was obviously smaller than they desired. One suggestion that I made was that they create a blog about what MS in Australia is doing in relation to Linux and to offer the RSS feed URL to the people who run Planet Linux Australia. They were reluctant to accept that idea and stated that they don’t want to be seen to be forcing their presence where they are not wanted. That is a good approach (and a contrast to some activities of MS in the past). But I believe that it is misguided in terms of RSS feeds. When you create a blog you make the RSS feed available and then the people who run syndication services have the option of using it. The Linux community is on the side of open discussion, I don’t think that we have anything to fear from hearing what MS people have to say. While my opinion of MS has improved this evening, I still have no interest in using any of their software. Linux just works really well and satisfies all of my needs.

There were a bunch of smart MS people there, they seemed to really care about their work and want to improve things. Their pitch was about how Open Source software works on Windows, they showed demos of the installation process for a variety of PHP programs and showed Python code being used in a MS web environment. Most of the presentation time involved technologies developed outside of MS, while there was obviously a lot of MS code involved in getting Python, Ruby, PHP, etc working well the focus was mostly on the free software. They also mentioned some of their work in opening APIs so that free software programs can access Exchange servers (among other things). I didn’t pay a great deal of attention to the technology as I’m never going to use it. I was more interested in their approach which was positive and respectful and the general trend of what they are doing.

It seems that there is an increasing number of people within MS who realise that free software is not going away and that their customers demand that things work together.

They also didn’t display any of the arrogance for which MS is known. When one of the delegates predicted that MS would take a fall the way IBM did there was no argument about that possibility, instead there was a discussion about how MS software can be used with software from other sources to meet the current and future needs of customers.

The discussion of software patents was generally not very productive, I got the impression that they were not permitted to give anything that I would have considered to be a good answer to any of the questions. They did show examples of software that they have released with RAND terms for patents and other situations in which there would be no patent liabilities. But it seems that MS as a whole has no interest in getting any of the patent problems fixed. I can only hope that IBM, NEC, or one of the other big patent companies will give MS a demonstration of why software patents are bad.

Finally I was given a couple of 8GB USB sticks and a copy of MS Expression Studio 2. If anyone wants the unopened copy of Expression Studio they can make me an offer by email.

Stewart Smithlinux.conf.au 2010 announces first keynote speaker!

An exciting announcement from the linux.conf.au 2010 team! Benjamin Mako Hill will be a keynote speaker. I’m rather excited now – Mako is a great speaker and I’m looking forward to LCA2010 even more (if that’s possible)!

Stewart SmithUnwired and Australian Government Content Filtering Trial

Just got an email from Unwired asking if I’d like to voluntarily join a trial. A censorship trial. The wonderful “you can’t know what you aren’t allowed to see” form of “trust me” democracy embraced by our current government.

I first used Unwired for the time it took for Telstra to recover from screwing me when I moved (and bringing the DSL connection with me). I’ve kept the device around to enable on-the-road net connection on occasion and as a backup to my DSL line.

I’ll now look for an alternative backup internet solution.

June 21, 2009

LUVTrinity College Map

Trinity College - Main Campus, Parkville

Linux Users of Victoria meets on the 1st Tuesday of the Month at the
Buzzard Lecture Theatre in the Trinity College Evan Burge Building.

Evan Burge Building, Trinity College, Parkville, Victoria

read more

June 13, 2009

Tim ConnorsLaura Norder

Hah! Another occasion when I get to almost agree with Miranda Devine.

However, I really don't believe Indian students are the victims of anything out of proportion here. If a student thinks that "more than one-third of us would have the unpleasant experience.", then I suspect that is absolutely no more than what is just the normal background level of crime in an Australian capital city. It's dog eat dog out there.

In the 8 years I lived in the city (Sydney and then Melbourne), I have had to invoke the police 8 times. There were another 6 or so occasions when the law was broken severely enough that I cared/noticed but I had so little evidence that I just didn't bother (and then plenty of occasions that just make me laugh now that I don't care about them anymore). In 2 occasions, did I get any positive response out of the police whatsoever, but I assume in 1 of those cases, since I was never called to court, that nothing ever eventuated.

In Sydney, I was hit by vehicles on my bike 2 times that I can remember. In one case, I contributed 50% by not having adequate lighting, but that doesn't excuse the car that pulled out in front of me, as they would have been pulling out in front of the line of cars that were trailing me if I hadn't have been the person to get hit. In the other, I almost ended up underneath a truck. No point invoking the police in either case.

Also in Sydney, my home was robbed twice (Petersham: arse end of Sydney) and the police... did nothing.

In Dubbo, my car was broken into, and my wallet, watch, and my girlfriend's purse stolen. Good luck even getting them out from behind their desks and donuts to even fingerprint the car... Nothing.

In Melbourne, I was assulted by 4 guys in a car who didn't like me riding my bike in 1 of the 2 lanes available to them. Stolen car, probably driven by some coked up teenagers. Closed case after a year. I chased down a guy who robbed a friend of mine at an ATM, but couldn't hold onto him. The security guy and cameras we ran past, were of no assistance to the police. A year later, nothing. I was assaulted by a guy in a 4WD 50m before a breathalyser in Camberwell. The guy did a U-turn, turned down a side street, and the police were oblivious. I held up a guy who was riffling through an office in our cubicles at university. He had already obtained an MP3 player and laptop and several other bits. The university "security" showed their worthlessness, but despite their efforts, still managed to detain the guy (a remarkably cooperative criminal) until the real police came. A year later, I still hadn't been asked to attend court to see the guy get put in prison. Not that putting away a mule would have done any good. The dealers who parked at the bottom of the building of course would have been smart enough to get quickly out of there within a few minutes after they detected something had gone wrong.

Another 4WDer drove straight into me in peak hour, and I was hospitalised, and due to the copious amount of good samaritans around me, who just wanted to get to work that morning, I had no witnesses, and so.... a year later, I heard nothing back. The police wouldn't even give me his details so I could take him or his insurance company to court. I'd have to pay some freedom of information fee to obtain that. However, yet *another* 4WDer (what is it about oblivious 4WDers?) pulled out into me, fortunately had enough ethics still left in her to actually take myself and herself to the police station (after taking me to the doctor) to get herself charged with dangerous driving. The *one* case out of all the above where a positive outcome was obtained with the help of the police. And then a guy in a non-4WD (shock horror!) drove into me while I was in a bike lane, and he had the sense to pay for the wheel which he destroyed. I dispensed with police involvement in that one, in shock of having someone displayed their humanity.

So, OK, I had 3 positive outcomes (two of them involving the police) out of 12 or so relatively serious offenses (8 of them involving the police). I have certainly come out of it wondering "how the police seem to be so busy, considering that such incidents keep occurring in various parts of the city, with the lawbreakers getting away on most of the occasions." Must be the donuts. I don't think the Indian students are doing it any harder than myself just for example (and I didn't really live in a bad area of town), and I don't even have a victim complex about it (anymore - I probably did when I was in highschool). It's a shitty world, just get used to it.

In other news, some people don't deserve to have walls holding up their roof.

June 12, 2009

Stewart SmithKernel Conference Australia

Earlybird prices are up until today – so if interested in OS kernels (or hack on one) and not exclulively Linux (i.e. are interested in other platforms) then head over to http://wikis.sun.com/display/KCA/ and have a look.

May 27, 2009

Donna BenjaminAbout Inkscape - Splash Screen Contest

Originally published at KatteKrab. Please leave any comments there.

Entries closed and voting is open for the about screen contest for the next release of Inkscape.  There are 36 entries, some of them representing hours of dedicated artistry by their creators, others flashes of inspiration quickly rendered with our favourite tool.

I've picked 9 of the 36 for my own personal shortlist... but I can only vote for one - which will it be?  What do you think?

View all 36 here http://inkscapers.deviantart.com/journal/24960257/ - and create an account to vote!

Kattekrab's shortlist for the Inkscape 047 About Screen Contest

May 26, 2009

LUVI want Software Freedom Day at

May 11, 2009

LUVOSDC 2009 Call for Papers

OSDC 2009 has officially opened its call for papers, to close at the end of June. This conference is a grassroots style conference designed by developers for developers, covering Perl, Python, Ruby PHP and Open Source operating systems. If you'd like us to cover something else as well that is Open Source themed, please feel free.

OSDC 2009 will be held from 25th to 27th November, 2009 at the Bardon Conference Center in Brisbane this year. This is a fantastic venue a short drive from the Brisbane CBD, totally surrounded by lush greenery.

More details can be found at: http://2009.osdc.com.au/call-for-papers

read more

May 08, 2009

LUVDigital Archeaology: Slogans for LUV!

Digital Archeaology: Digging in the internet archive uncovered this gem from our history!

Slogans for LUV

Early in LUV's life we had a semi-competition to choose a slogan for LUV. Nobody ever ended up winning, but here are some of entries which are still worth a groan.

read more

April 26, 2009

Donna BenjaminInkscape - follow the path to 0.47

Originally published at KatteKrab. Please leave any comments there.

Inkscape - the best open source vector graphic editor in the whole wide worldThe amazing team that build my favourite Open Source software application, Inkscape, have bunkered down in preparation for a new release. It's been a long time since the last one, but they have been very very busy refactoring a lot of the core code that makes Inkscape work, fixing some outstanding bugs, and refining new features.

Arthur C Clarke said "Any sufficiently advanced technology is indistinguishable from magic." This describes well the way I feel about what the Inkscape developers do. bulia byak, Jon Cruz, mental, Johan Engelen, pjrm, ishmal, Ted Gould, Bryce Harrington and an army of others do extraordinary things. In their spare time. Because they want to! Such magicians!

So I've offered to help Scislac and Ryan Lerch get the word out about the new release. We'll draft an announcement, get community and developer feedback on it, and try and send it out to the 4 corners of the globe. We need snippets from the Developers, and perhaps more importantly, the Users! Because a software release on its own isn't terribly newsworthy. What users can do with that software is where the real story is told. I believe this story has the power to inspire others. It is what originally inspired me! Thanks Andy Fitzsimon and Pascal Klein.

Do you use Inkscape? Will you tell us your story? Add it to the Inkscape wiki, or leave a comment here on my blog - and I can it on the wiki for you.

April 23, 2009

Paul DwerryhouseSix Sigma

April 20, 2009

Daniel Stonedo you now?

Received in an SMS from a friend: 'I just walked past a bloke with pasty white skin and a ponytail wearing a t-shirt that said 'I do it with Ubuntu'.'

April 19, 2009

Donna Benjaminkattekrab: piano pain log: sun apr 19 - 10:37am. And so it begins.

Originally published at KatteKrab. Please leave any comments there.

kattekrab: piano pain log: sun apr 19 - 10:37am. And so it begins. - kattekrab's status on Sunday, 19-Apr-09 00:37:38 UTC [identi.ca]

We've been putting up with Piano Practice since Christmas - it's really driving me nuts, and I suspect we may be headed towards mediation on the issue. We live in high density housing and the piano is 2 floors above us, so the sound is muffled, but just at the level to be a constant distraction for the 4 hours + a day we're currently enduring.

Our current strategies are to play music - and I'm actually more used to working in relevant silence, but am liking the shift to music... Or to leave the house entirely. 

Do school holidays end tomorrow? I hope so.

Donna BenjaminLinux Audio - time for serious attention

Originally published at KatteKrab. Please leave any comments there.

Matt Bottrell posted about the sad state of audio on linux. Now - I can't even pretend to understand all the whys and wherefores, and have none of the necessary skills to fix it, let alone post constructive criticism about where to look at sorting out the issues - but I can certainly agree it's broken. Perhaps I can add a simple voice of frustration from a long time linux user? And also say that I will cheer heartily from the sidelines if some solution can be found for this mess, and buy beverages for the hackers responsible should I bump into them at linux.conf.au next year in Wellington, NZ

My ubuntu desktop suffers from strange audio symptoms, sometimes stopping pulseaudio does the trick, sometimes not.  Sometimes a reboot is all I can do to stop the machine hissing after some failed attempt to 'do' audio.   Sometimes audio will work in one app, but not in another. It's beyond my knowledge how to even start troubleshooting and documenting the problem.  

We really need this to 'just work'. If I wasn't the passionate advocate of software freedom that I am, I could consider going back to MacOS (if only they supported OGG!) If I needed audio regularly for professional stuff I couldn't put up with the situation - so I wonder how much this is holding others back?

April 04, 2009

Julien GoodwinMelbourne International Comedy Festival 2009 - The Preview shows

Once again I'm going to try and post about all the shows I've seen, although given that I'm seeing over two dozen I'm not even going to try one post per show. So here's the five shows I've seen in the first three days of the festival presented in cronological order. All of these were preview shows so had a few rough edges which generally just added to the enjoyment.


  • Goth v Nerd - A short double stand-up show, if you read PLOA or wear anything best described as "shiny & black" you're the target audience.


  • Sort of the Rings - Another short parody re-telling of LoTR, with audience partiticaption and helium orcs.


  • Otis Lee Crenshaw (Rich Hall) - American stand up followed by comedy country music. If you watch any of the comedy shows on TV you've probably seen Rich before.


  • Collingwood Club Therapist (AKA Ben Coussins the musical) - This one is only really for the footy tragics, particularly of the Collingwood persuasion, but "Ben Coussins the Musical" is just *classic*


  • Highly Sus - This one is more for the legal/criminal tragics, three perps, are they telling the truth or are they "Highly Sus"



All five shows were quite entertaining, and if you think they're up your alley (and you're in Melbourne) you should certainly make the trip.

Tonight's show is Heath Franklin doing "Choppers F%@#ing Bingo".

April 03, 2009

Daniel Stonefor the record

I don't use Emacs myself, and I don't recall a single Emacs user complaining about accidentally triggering Ctrl-Alt-Backspace on their way to M-C-E-A-S paste-output-of-doctor-into-irc. Most of the grumbling came from actual users (i.e. people who don't know what an X server is, let alone how to configure it, let alone to email xorg-devel@ about it), rather than people who are perfectly capable of changing the default[0].

Regardless, Peter came up with a perfectly sane plan which makes it very easy indeed to optimise for clients with stuck grabs (being that termination requires you to be processing input events in the first place, in which case you're likely doing reasonably well anyway).

[0]: Yes, the text is woeful. Sorry.

March 27, 2009

Julien GoodwinBookshelf Speakers

This week I've upgraded the turntable in my second hi-fi setup at home (my main setup has yet to get a 'table, mainly as I haven't got around to getting a proper pre-amp for it) with an old Systemdek IIX, one modifed with a Rega (RB-300) arm and Grado (8MZ) cartridge, and, after a stylus replacement on the Grado (which cost more then the entire 'table setup) I now have a very nice system which has been home to some lovely John Coltrane LP's that had just arrived.

Unfortunatly this upgrade now reveals that my Auratone's have gone from being a nice compliment to now being the obvious element holding my sound back.

So now I'm looking for new bookshelf speakers (and possibly a sub) to replace[1] them.

The current contenders (roughly from least, ~$1k/pair, to most ~$3.5k/pair expensive):


Fortunatly both PMC and Tannoy have local dealers from who I should be able to get a trial.

Much as I've always wanted a pair of PMC's I always thought they'd be at least the IB2 or above, not the "dinky" ones.

If there's anything people think I've forgotten that's bookshelf size, and < 5kg each I'd love to consider them.

1: Not that the Auratone's are going, they will just move into the studio as a comparison monitory (which they should have been from the start).

Daniel Stonepaypal an ting

Dom: Yeah, we used PayPal to accept payments for accommodation for the 2008 X Developers' Summit, but a combination of staggering US bank incompetence and PayPal being, well, PayPal, means that we lost about $US4500 we'll almost certainly never see again. The whole thing was a nightmare. After that, I switched to Google Checkout and didn't have a single problem, aside from it wanting to give me the whole interface in Finnish for a while and not offering a choice.

March 12, 2009

Daniel Stonepublic service announcement

This is a public service announcement: depth and bpp are different.

Depth refers to the number of significant bits (usually colour-significant, i.e. R + G + B bits for RGB modes) per pixel. bpp, i.e. bits per pixel, refers to the number of bits used altogether for pixel storage. Ignoring alpha, the usual configuration of your framebuffer will be depth 24 (8 bits each for R, G and B), but 32bpp: 8 unused bits at the top. 24bpp and depth 24 means that there are no unused bits, and that four pixels will occupy 96 bits (12 bytes), and not 128 bits (16 bytes), as there would be in 32bpp. (Thankfully, no-one actually uses 24bpp in the real world.) That is all.

March 08, 2009

Paul DwerryhouseUsing sudo non-interactively for administration is potentially harmful.

It seems to be all the rage, lately, to eschew root shells and run all administative commands with sudo. Sudo is a great tool for allowing otherwise unprivileged users to perform certain tasks for themselves (and thus not having to annoy the sysadmin regularly) and it's also good for keeping logs of what tasks were performed.

However, what I'm seeing is a general trend towards educating people to administer servers by using sudo non-interactively. Eg:

$ sudo /etc/init.d/networking restart


instead of

$ sudo su -
# /etc/init.d/networking restart


Ubuntu documentation is notorious for this.

The first method is bad practice because it will automatically drop root privileges as soon as the command has completed. This means that if you've made a mistake, you can potentially lock yourself out of your own server.

The second method will return you to a root prompt after you've run the command, and - importantly - will allow you to check that everything still works. You should always be checking that changes you've made work, before you drop root.

Sounds unlikely? Hardly. Even with the best intentions, mistakes occur. I've seen this problem happen; a person using sudo accidentally nulled the /etc/passwd file and managed to lock himself out of the root account. If this had been able to be done using sudo su - instead, then he would have been able to test that he could still access root, from another window, before logging out of the root account in his original window. Unfortunately, site policies prevented this (although it could be worked around by copying /bin/bash to /tmp and then running sudo /tmp/bash).

And it's not limited to just nulling the password file. There's plenty of things that you can screw up that will lock you out of your server if you don't have a chance to check them first - /etc/shadow, anything under /etc/pam.d, /etc/sudoers, /lib/libpam-ldap.conf to name just a few. In Ubuntu's case, if you make a mess of the sudoers file, you might not even have a root password to fall back on, due to their insane insistence on not creating one at installation time.

March 05, 2009

"Paul Dwerryhouse"Cluelessness

Dear ${BIG_COMPANY}. Did you know that you employ developers who write web applications that fail because my web browser's user-agent string contains "Iceweasel" and not "Firefox"?

Is that really necessary? Is it cost-effective? Is it LEAN?

March 01, 2009

Julien GoodwinNeed LP storage

I'm after some form of shelves for my record collction (99% 12", with just a handful of 7"s). I've got too many for milk crates and want something I can actually flick through and keep in (semi-) order.

Any ideas?

February 04, 2009

Julien GoodwinParallell loop execution in shell scripts

Dear lazyweb,

Is there a way to have for loops (or any loop for that matter) in shell run in (controllable) paralell?

I'm thinking a makefile hack could work, but for given the several hundred iterations it would get ugly.

December 09, 2008

"Paul Dwerryhouse"A plea to Optusnet sysadmins: Usenet

There must surely be some system administrators from Optusnet who read Planet Linux Australia. If there are, could one of you please drop a comment (anonymously, if you need to) into my weblog about your news server?

The Optusnet Usenet news server has mysteriously stopped receiving new posts a number of times this year. Every time it has gone down, it has been off the air for at least a week, sometimes two. It has now happened again.

There is rarely any acknowledgement of the problem to customers, and dealing with the Optusnet helpdesk is an exercise in futility; take for example the response given to a user on the Whirlpool forums:

"I got a reply from technical support about this. They recommend power cycling my modem."


Those two sentences indicate to me that the person on the helpdesk probably doesn't even know what Usenet is.

I've sent in a note to the helpdesk also, but from previous experiences, I know I won't get a response for several days and I have my doubts that it will even get to the right place.

Now, I know it's likely not to be your fault. I've worked for a big ISP myself, and I understand the pressures and the lack of interest that management have in Usenet and the hardware that goes with it. But I'd just love to know what is going wrong with it so often, and whether the helpdesk messages ever even make it to the sysadmin section...

November 26, 2008

Dave HallUpdated IMCE plugin for Drupal YUI Editor

My IMCE plugin for YUI Editor has been included in drupal CVS and the 6.x-2.33 release. Now I can claim to have code included in an official drupal release, ok it is a small plugin for a contrib module, we all have to start somewhere.

The version included in Drupal only supports YUI 2.5.x as the API has changed in 2.6. I have a new version which supports 2.6.x, but it has a layout bug, so I won't be submitting it until this bug is fixed. If you can tolerate the visual bug or want to help fix it, grab the lastest version of the IMCE plugin for Drupal's YUI Editor. Use the same installation instructions as last time.

Feedback welcome.

November 09, 2008

Dave HallOpen Letter to Senator Stephen Conroy on the state internet access in Australia

Hello Senator,

I have recently relocated my IT business from outer metropolitan Melbourne to country Victoria. The state of the internet in this country is a joke.

A professional associate of mine in Paris has access to 100Mbps down and 10Mbps up unlimited fibre. This costs him 45EUR p/m which includes line rental for a POTS equivalent phone service and basic cable TV. Setup is throw in if you take it for 1 or 2 years - he couldn't remember the term of the commitment.

I have a contractor in Hong Kong who has access to a network many times faster than people living in similar conditions in Melbourne.

In Tecoma I had access to business grade Naked ADSL2+ for $85 per month with 25G of data and a fixed IP address. Not included in the download quota was access to streaming radio, Linux and other Free/Open Source software (and some not so free), and some ABC content. If I exceeded my quota I would be shaped. The setup fee was $129. With this service I could use a high quality VoIP service for cheap calls overseas, where some of my clients and contractors are located.

Now I am living in country Victoria I am unable to even get ADSL1 - despite being informed by Telstra on 2 occasions that it was possible - "it won't be a problem just call us once you move in".

I am now stuck with a very sub optimal solution.

I am using currently using 2 HSDPA modems on the Optus network with directional antennas. During the week at best I can get 1.5Mbps/150kbps from each link. Each service has a 6G usage quota for $50p/m each, with excess usage charges of $153.60 per Gb (or 0.15c per Mb). All traffic is counted (both up and down).

The Optus network is stretched and even worse on weekends and evenings. The service is also unsuitable for VoIP, so I have to pay more for my calls too. Optus doesn't offer fixed IP addresses or an accurate tool for measuring usage. In every way their service is inferior to ADSL.

The equipment I used to set this up properly cost me close to $1000. I also spent several days setting it all up and paid for professional assistance with the project. As the service is not eligible for the Broadband Guarantee scheme I have to wear these costs as part of running a business in a rural area.

Satellite is completely unsuitable for my business due to the latency, slow speeds and a requirement of a minimum 2 year commitment. The claim that satellite offers a "metro-comparable level" of service is laughable - 1024/256kbps with 5G of data for over $100 per month and a $3000 setup fee is extortion.

My only other option is Telstra's Next G service which requires a 3 year commitment and costs considerably more than the similar service from Optus.

I am located near Newstead, less than 2 hours drive from the centre of Melbourne, not 200kms west of Uluru. I expect that I should be able to get reliable phone and internet services at reasonable prices with a choice of carriers. Based on my (somewhat limited) knowledge of the area less than half the connections from the exchange here can access ADSL. The current situation here is reliable, value for money or available - pick 2.

Anecdotal evidence would suggest that many businesses in rural areas are constrained by the lack of quality data services in their area. The lack of proper broadband services in rural areas must cost businesses millions of dollars every year. Local economies also suffer as people are unable to establish businesses which rely on reliable and affordable internet access and so the jobs and investment goes to the larger regional centres or metropolitan areas.

Based on overseas trends the National Broadband Network will be out dated before it is finished. Even with 98% coverage some 400,000 people in Australia will not have access to reliable high speed internet services.

Instead of wasting money on an filtering system which most people don't want, will slow down access and has the potential to cause major head aches for system administrators (not to mention making us an international laughing stock), you should consider investing in the future of rural and regional economies by giving us access to high quality, high speed internet services. My views of the filter scheme are best summed up by a comic.

Thanks for your time and I look forward to hearing about how you plan to fix the state of internet access for tech businesses based in rural and regional Australia.

Yours Faithfully,

Dave Hall
Managing Director
SKWASHD SERVICES PTY LTD

October 22, 2008

Dave HallYUI Editor + IMCE for Drupal 6

Update: This has now been included in the 6.x-2.33 release of Drupal's YUI Editor module and I have added support for YUI 2.6.

Earlier today I finished off another Drupal based site. The client was pretty happy with it. Once they launch I will probably post a link.

The client came back to me and asked how they could insert images using the RTE. Based on some positive reviews I used the YUI Editor module this time around, instead of FCKEditor or tinyMCE for the rich text editor. The YUI Editor module doesn't support file browsing. I tried to see if someone had already hacked something together for this, if they had I couldn't find it.

In the past I have used the IMCE module for image browsing and uploading in FCKEditor or tinyMCE. Adding IMCE support to the YUI Editor module seemed like the fastest solution.

So here it is - the IMCE based image browser plugin for YUI Editor on Drupal 6.

Here is a quick howto. Install the YUI Editor and IMCE modules into your Drupal 6 install. Save the plugin tarball into your modules directory above the YUI Editor module and extract it. You should now have 2 extra files yui_editor/plugins called img_browser.inc and img_browser.js

Feel free to leave comments about how well this works for you. Enjoy!

October 21, 2008

Dave HallWe've Gone Green

Well Green Gully to be exact. Last month we relocated from Tecoma.

Where is Green Gully you ask? It is near Newstead - a little town down the road from Castlemaine, which is near Bendigo. If you want to come and visit from Melbourne it is about 1.5 hours drive from the Airport or 2 hours from the CBD.

I now work in a mudbrick house, with bottled gas, tank water and mains feed Green Power. The plan is to eventually convert the garage into an office, but this will take some work. For now just the servers live in the garage. The office still isn't fully setup, but it is getting there - all the important stuff is working.

Connectivity has been a challenge. I now have a pair of Optus e169 HSDPA modems giving me internet access- most of the time. I plan to blog about my setup when I get some time. I hope to start blogging more about bush tech - time permitting.

I will still be travelling for work, be it Newstead, Castlemaine, Bendigo, Ballarat, Melbourne, nationally or internationally. If you have a project you wish to discuss with me, just contact me.