mcr at sandelman.ca
Sat, 30 Dec 2006
Many people in Ottawa have been getting ADAD's calling them offering them cruises. You push 9 to talk to an operator.
These calls come from Fantasy Tours + Travel from Orlando, Florida.
Let me say that again for google: Fantasy Tours + Travel.
*69 said the call was from 613 232-7437, but I think I've also gotten
calls on my cell phone which were dead air from 613-232-7627.
Make no mistake --- these calls are illegal. They are made by "Automatic Dialing and Announcing Devices", which are not to be used for sales.
See: http://www.crtc.gc.ca/eng/INFO_SHT/t1022.htm
Automatic Dialing and Announcing Devices (ADADs):
ADADs are equipment that store and dial telephone numbers automatically. They
may be used alone or with other equipment to deliver a prerecorded or
synthesized voice message to the telephone number called.
ADADs are permitted when there is no attempt to sell, such as:
* calls made for public service reasons, including emergency and
administrative purposes by police and fire departments, schools,
hospitals, or similar organizations,
* calls to collect overdue accounts, market or survey research calls or
calls to schedule appointments.
ADADs used for the purpose of solicitation are prohibited, including calls
made on behalf of a charity, radio station promotions, or calls referring the
called party to a 900/976 service number.
Today, I managed to get Bell to actually take the complaint.
All my attempts to get the CRTC involved have been met with: "call the phone company". Bell told me that I should call the police, but they aren't interested.
I did not get a ledger number for my complaint, I will be calling back to attempt to get that. I will post that if I can.
I called 611 to get make a complaint.
posted at: 10:18 | path: /legal | permanent link to this entry
Wed, 27 Dec 2006
When my Toshiba laptop died, I knew that the hard disk I had was still good, and so I got the UltraBay HD adapter to go with my IBM Thinkpad. When the Thinkpad arrived, I declined the MS EULA that the laptop booted up with, turned it off again, and swapped in my old HD. Thanks to the fact that Linux (and NetBSD) do not have stupidly motherboard specific kernels (it's EVEN WORSE with Vista. See: http://ars.userfriendly.org/cartoons/?id=20061106&mode=classic ) I can just move my hard disk to a new system.
Anyway, in fall 2005, when my motherboard blew up, it took my hard disk as well (I'd reformatted the IBM HD, and was now using that). I replaced the hard disk, and still have to RMA the original, and wound up with a 60G drive inside the laptop, and a 40G drive in the bay. Most of the time, this is the right combination, with the CDrom in the docking station. The I/O path to the ultrabay is a bit faster than the I/O path to the docking station, although you can't boot from a cdrom in the docking station.
The question arises: where do you put your music? When I'm at my home office, the music is accessed over HTTP, so I don't need a local copy. When I'm travelling, I'm often on battery. I'd prefer to have my spare UltraBay battery in the bay rather than my spare disk. On sensible airplanes, and on VIA rail, you get power, so you don't need the battery. I think that I've now concluded that putting my music on my second disk is okay, but up to now, I haven't done that.
The second problem is where to put the master Linux Kernel git tree. Until this past summer, with "git clone -s" (more on that later), one wanted to have kernel git trees on the same partition as one's experimental trees, since they could share with hard links. I made the decision that if I was doing core kernel development (vs Openswan + UML), I probably had test machines, so I have power. So I put my kernel in /mara1/git.
The result is that up to today I had five ~8G partitions on my external drive. This is big enough to be useful for work like git, but small enough that I won't loose too much at a time, and I can do backups reasonably easily. Generally, I like to either backup everything on a partition, or nothing. So if I have data on a partition which can trivially be recovered from the internet, I may not back it up.
This means that my laptop (whose name is "marajade") looks like:
PRIMARY DISK / + /usr - operating system /boot - kernels (100M) /home - my home directory /var - logs and administrative files /corp - my corporate data, projects, etc. /sandel - local programs, source code and customization /mara6 - project space (mostly openswan + UML as it turns out) /mara7 - customer project space (some kernels) /mara8 - ccache, spam folders, music
SECONDARY DISK /mara1 - many git trees /mara2 - more openswan + other stuff sandboxes /mara3 - random data /mara4 - freebsd and other code, more customer project space /mara5 - backups... never really used.
The problem with any partitioning scheme other than "put everything in one partition", is that one can run out of space on one partition, and still have space elsewhere. This is very difficult for new users to deal with, but it can be very annoying for experienced users as well.
Of course, with everything in one partition there are other problems: you can have logs run away and eat ALL the disk space, and then you may have a problem, and you may not notice for perhaps even YEARS. If you have a file system error, you are out of luck. If you re-install your operating system, you likely LOOSE a lot of your data.
I had my secondary disk partitions mounted via the LABEL= hack so that they would be found whether the second disk was hdc (ultrabay), or hde (docking station). I marked them noauto, so if they aren't present life doesn't end, and have a boot script that runs mount on them instead.
After using the Logical Volume Manager tools a bunch to deal with Xen, I realized that I could have the best of both solutions. I wondered at first, if I could create a single volume group, and sometimes not have one physical volume, and perhaps could simply force LVs to be on one physical volume or another, and migrate stuff around as I need it. That doesn't work, unfortunately, see: http://www.sandelman.ca/mcr/blog/2006/05/24#how_to_unscrew_your_lvm
My solution is two volume groups, and I was able to move data around a bit to free up a partition to make my first physical volume for each volume group, and then restore data. The end result is that I now have a /corp/projects/SOMETHING (primary disk), and /corp/projects/SOMETHING2 (secondary disk), for a lot of project related data. Note that I didn't move my operating system or personal data. I'm still a bit hesistant about LVM, and in particular, my local kernel source (which I'd need to build LVM modules!) is accessible without LVM.
My new /etc/fstab:
/dev/hda5 / ext3 defaults,errors=remount-ro 0 1 /dev/hda1 /boot ext2 defaults 0 2 /dev/hda12 /corp ext3 defaults 0 2 /dev/hda8 /home ext3 defaults 0 2 /dev/hda10 /mara6 ext3 defaults 0 2 /dev/hda9 /sandel ext3 defaults 0 2 /dev/hda6 /usr ext3 defaults 0 2 /dev/hda7 /var ext3 defaults 0 2 LABEL=UmlRoot /uml ext3 defaults 0 0 LABEL=CACHE /cache ext3 defaults 0 0 LABEL=DistrosKernel /distros/kernel ext3 defaults 0 0 LABEL=ProjectOpenswan /corp/projects/openswan ext3 defaults 0 0 LABEL=ProjectXelerance /corp/projects/xelerance3 ext3 defaults 0 0 LABEL=ProjectCobbix /corp/projects/cobbix ext3 rw,noauto,user,exec,defaults 0 0 LABEL=ProjectVpnx /corp/projects/vpnx ext3 rw,noauto,user,exec,defaults 0 0 LABEL=ProjectFreeradiu /corp/projects/freeradius ext3 rw,noauto,user,exec,defaults 0 0 LABEL=ProjectMisc /corp/projects/Misc ext3 rw,noauto,user,exec,defaults 0 0 LABEL=UmlRoot2 /uml2 ext3 rw,noauto,user,exec,defaults 0 0 LABEL=ProjOpenswan2 /corp/projects/openswan2 ext3 rw,noauto,user,exec,defaults 0 0 LABEL=ProjectsHifn2 /corp/projects/hifn2 ext3 rw,noauto,user,exec,defaults 0 0 LABEL=ProjectCroquet /corp/projects/opencroquet ext3 rw,noauto,user,exec,defaults 0 0
lvm> vgs VG #PV #LV #SN Attr VSize VFree MaraMainDisk 3 5 0 wz--n- 18.50G 4.50G MaraUltraBay 5 8 0 wz--n- 35.39G 17.42G
lvm> lvs LV VG Attr LSize Origin Snap% Move Log Copy% CACHE MaraMainDisk -wi-ao 3.00G DistrosKernel MaraMainDisk -wi-ao 4.00G ProjectOpenswan MaraMainDisk -wi-ao 3.00G ProjectXelerance MaraMainDisk -wi-ao 2.00G UMLROOT MaraMainDisk -wi-ao 2.00G ProjectCobbix MaraUltraBay -wi-ao 1000.00M ProjectCroquet MaraUltraBay -wi-ao 2.00G ProjectVpnx MaraUltraBay -wi-ao 2.00G ProjectsFreeradius MaraUltraBay -wi-ao 1.00G ProjectsHifn2 MaraUltraBay -wi-ao 6.00G ProjectsMisc MaraUltraBay -wi-ao 2.00G ProjectsOpenswan2 MaraUltraBay -wi-ao 2.00G UMLROOT2 MaraUltraBay -wi-ao 2.00G
marajade:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda5 1829159 458651 1272915 27% /
udev 10240 96 10144 1% /dev
devshm 255272 0 255272 0% /dev/shm
/dev/hda1 112883 61155 45706 58% /boot
none 65536 160 65376 1% /tmp
none 65536 0 65536 0% /ramdisk
none 4807056 704176 3858696 16% /var/run
/dev/hda12 7692876 6294116 1007984 87% /corp
/dev/hda8 7692876 2754784 4547316 38% /home
/dev/hda9 7692876 2200808 5101292 31% /sandel
/dev/hda6 7692876 2652548 4649552 37% /usr
/dev/hda7 4807056 704176 3858696 16% /var
/dev/mapper/MaraUltraBay-ProjectCobbix
991949 627375 313374 67% /corp/projects/cobbix
/dev/mapper/MaraUltraBay-ProjectsMisc
2064208 828640 1130712 43% /corp/projects/Misc
/dev/mapper/MaraUltraBay-ProjectsFreeradius
1032088 102260 877400 11% /corp/projects/freeradius
/dev/mapper/MaraUltraBay-ProjectsOpenswan2
2064208 301440 1657912 16% /corp/projects/openswan2
/dev/mapper/MaraUltraBay-UMLROOT2
2064208 217764 1741588 12% /uml2
/dev/mapper/MaraMainDisk-CACHE
3096336 1927832 1011220 66% /cache
/dev/mapper/MaraUltraBay-ProjectVpnx
2064208 979912 1000412 50% /corp/projects/vpnx
/dev/mapper/MaraUltraBay-ProjectCroquet
2064208 136516 1822836 7% /corp/projects/opencroquet
/dev/mapper/MaraMainDisk-UMLROOT
2064208 217768 1741584 12% /uml
/dev/mapper/MaraMainDisk-ProjectOpenswan
3096336 2048528 890524 70% /corp/projects/openswan
/dev/mapper/MaraMainDisk-ProjectXelerance
2047379 1902 1961591 1% /corp/projects/xelerance3
/dev/mapper/MaraUltraBay-ProjectsHifn2
6192704 4020112 1983852 67% /corp/projects/hifn2
/dev/mapper/MaraMainDisk-DistrosKernel
4128448 2743844 1342664 68% /sandel/distros/kernel
What would be nice
It would be neat if there was a way to move a logical volume from one volume group to another, and do this in the background. I would do this by turning the logical volume into a RAID-1 ( http://en.wikipedia.org/wiki/RAID ), and letting the RAID-1 mirror the data. The trick would be to do this using the dm-mapper, changing the "plumbing" underneath, and when it was done, remove the RAID-1 settings, leaving the file system layer ignorant of the change.
It would also be nice to be able to resize the partitions without unmounting them. I think that one of XFS or ReiserFS-4 can do this. I use ext3 at present.
How I use git-clone
The new thing about git clone -s, is that it doesn't use hard links, or
soft-links, but instead sets up .git/objects/info/alternatives. This
effectively reduces the cost of a kernel .git tree to the space for the
checked out files (about 50M for Linux) and objects. I move my "Linus
Torvalds" git tree to /distros/kernels/linus.git, and git clone it. I put
that master tree on my primary disk, because then I always have it, while I
can put as many kernels with object files on per-project places as I go.
(/distros/kernels is an example of stuff that I wouldn't bother backing up,
btw.)
It is my intention to even create partitions for specific projects as I need them, and remove them when I am done. The question will be, how in such a dynamic world, will I get all my backups to do the right thing.
posted at: 20:15 | path: /howto | permanent link to this entry
Sat, 16 Dec 2006
"Seasons Greetings" -- Merry Xmas
I for one, must agree with the various secular humanists that say that Xmas is just fine at the level of commercialism/materialism. They are right --- Xmas is not a celebration of the birth of Christ. The Christ Mass might be, but I think that Christ was born in July.
Here is the thing — people who want to celebrate the birth of "the saviour" should do it in July. December 25th is really just a 4th day of celebrations of the Pagan solstice. It's a festival of light --- these days, that means a festival of electricity --- in which we celebrate how much materialistic power we have.
This really solves a lot of problems --- the last two weeks of the year no longer belong to any one religion. Everyone can be materialistic (which, btw, is probably equally a sin in every religion, so everyone is equal).
No more politically correctness about "Seasons' Greetings" or "Happy Holiday" (apparently, that's no longer kosher, because not everyone gets a holiday). It's just "Merry Xmas" (Pronounced ex-Mas. As in formerly from Massachusetts). If that's not enough, you can always add: "Party-on Hoser!"
Just remember that the catholic church isn't the only one who can appropriate pagan rituals. Me, on this first day of Hannukah, I've just finished putting up my festive Hannukah Bush. At sunset, I will plug the nifty-cool LED string in, and say my Baruch Ata Adonai.
posted at: 18:18 | path: /food | permanent link to this entry
Thu, 14 Dec 2006
The invoice numbers for Microcell service are the first 8 digits of the account number (the account number is othewise 9 digits), followed by 1 digit for the month ("A" and "B' for November and December!), followed by, my guess, 1 digit for the year. (Mine says "6")
posted at: 18:33 | path: /accounting | permanent link to this entry
Wed, 06 Dec 2006
A friend explained why she chose a freezer-less fridge recently:
In general terms, the close to 50% savings of freezerless fridges are there because:
1) the unit does not have to produce the low temperature of the freezing
section (in one of your warm rooms, remember)
2) the continous defrost cycling of new frdge/freezer combos (even those with
the more efficient bottom drawer-type freezing sections)are using power for that function.
It is much more efficient to have a chest-type freezer (the cold air doesn't flow out the minute you open the lid) in a cooler room or basement for frozen food. Good exercise doing the stairs to get the frozen stuff too!
I don't have a freezer at present. I do have the use of a friend's freezer, but it is a car-drive away. Sigh! For frozen food,I have improvised with a small insulated cooler that fits nicely in the fridge. Packages thaw very slowly over a couple of days.
I am weaning myself off frozen food partly for the energy savings and partly because I have read that freezing results in some nutrition loss. I am eating more food in season (local organic if possible) and exploring drying fruit for winter. (A hot summer car makes an effective oven for drying fuit , often in one day.)
Surprisingly, my Danby (DAR1102W - 11 cu.ft I think) does not have an EnergyStar appliance rating, in spite of having the low EnerGuide consumption rating of 338 kWh per year. (I was interested to find that a smaller size Danby uses nearly as much - about 330kWh.) Woods also makes freezerless fridges. Larger than mine are available. Black, white and stainless. I have put an energy use meter on the fridge but have not yet used the data to compare with the claim of 338 kWh per year.
I am surprised that they are not advertized as energy savers. To date, people probably buy them as a second beer fridge. The manual notes that frequent door opening will probably increase the energy consumption. But isn't that the same for all fridges?
posted at: 22:54 | path: /environment | permanent link to this entry
Tue, 21 Nov 2006
President's Choice brownie cookies
Pass. Maybe that's why they are on sale for $1.99.
The brownie tastes... very artificial.
posted at: 01:29 | path: /food | permanent link to this entry
Fri, 27 Oct 2006
Forbes acknowledges GPL as significant
There was a recent article in Forbes magazine attacking the GPL and Richard Stallman. Of course, there was a response on slashdot:
A colleague found the following, very astute response, which I'm copying here:
I consider the GPLv2 to be less free than the BSD license in precisely the same way as living in a country with a constitution and laws is less free than living in a country without them. Which of those two countries would you rather live in? I know which I'd rather live in. The GPL is a statement of the rules under which we are all free.
And the GPLv3's insistence that I be able to replace the GPL code in my Tivo with my own versions seems to me like a restriction much along the same lines. Whether this is an encroachment on freedom that the GPL should be concerned with is open to debate. But that restricting my ability to do this is an encroachment on my freedom is not open to debate.
- by Omnifarious (11933)
I could not agree more. I've always assumed that the editors of Forbes magazine were in favour of free markets. Well, perhaps if one remembers the "Steve Forbes 10% tax" one might remember that Forbes is a magazine for rich people. (His tax would not actually have taxed capital gains!)
posted at: 13:58 | path: /oss | permanent link to this entry
Wed, 18 Oct 2006
Ontario's Privacy commissioner endorses non-standards
CBC.ca writes:
http://www.cbc.ca/technology/story/2006/10/18/privacy-identity.html?ref=rss Ontario's privacy commissioner and Microsoft Corp. on Wednesday unveiled a framework of principles they hope will be adopted by internet companies to help increase personal privacy and reduce online crime.
Since when does Bill Gates write laws in Ontario?
Since when the government of Ontario endorse proprietary solutions from single vendors?
Did the IPC pay for consulting from MS? Was there an RFP?
BTW: the ipc.on.ca is full of non-compliant web pages, and character
encodings which are proprietary. and the pages do not validate with http://validator.w3.org/
http://validator.w3.org/check?uri=http%3A%2F%2Fipc.on.ca
The FIRST and MOST IMPORTANT thing you can do to protect people's
privacy is to make sure that you never require people to run a single
vendor's computer system. Choice > competition > security.
"Doctor Heal Thyself"
posted at: 20:48 | path: /standards | permanent link to this entry
Fri, 06 Oct 2006
Some things are better said in french.
Harry Gow writes to Le Droit:
À VOUS LA PAROLE
Train léger et sommeil lourd -
Mais quelle mouche a piqué la Ville d'Ottawa et son service de transport, OC Transpo? Une tsé-tsé? Pendant le sommeil des uns d'autres s'affairent! Est-ce le brouhaha et le débacle tels que l'on pourrait croire en lisant le Droit?
Quatre conseillers mécontents de la route proposée pour la ligne est-ouest de tramway proposée, un ministre qui est obligé de se fâcher pour avoir accès aux détails d'un contrat, des citoyens alarmés par la fermeture prévue pendant trois ans de la ligne O-Train actuel, (ses trains seront bientôt vendues aux enchères), billets contrefaits, harcèlement et j'en passe.
Pour couronnner le tout, un Directeur-général recruté il y a peine six mois pour son expérience et ses vastes connaissances quitte la barque. On me dit qu'il semblait malheureux... . Pas pour rien; si on vous demande de prendre le timon d'un paquebot et vous découvrez des fuites dans le coque, seriez-vous heureux?
Si les choses sont à un tel point, un audit de l'organisation et une évaluation externe de ses plans de train léger seraient les seules issues raisonnables de la crise, selon un collègue qui a déjà conduit une évaluation des services de OC Transpo il y a quelques années.
Harry Gow
posted at: 14:51 | path: /otrain | permanent link to this entry
Wed, 04 Oct 2006
Subject: interview with Buzz Hargrove on CBC today
I thank the CAW for trying to mix jobs and the environment. It's a good strategy. However, I don't think your short-term strategy is going to work.
If I were to listen to you, you think that we can continue for another 100 years to build automobiles, they just need to be more efficient. That's not enough. We have to move FAR FASTER.
If we don't retool NOW, there will be no TRANSPORTATION industry in Canada. That means a whole new approach to mobility --- it means less automobile ownership, and more short-term leasing, rental, co-ops, transit, and the like. People need to able to buy only as much mobility as they need.
That means that your industry will have to change from being something that builds products to a service industry. That means fewer robots, and more labour. Robots can't overhaul vehicles after their 5 year warantee is over.
Further, in the short-term if California reduces their emissions, and Ontario plants don't produce automobiles that can be sold in California, then... where will you sell them? Do you really think the Ontario market is big enough?
YES, that's unfortunately ones that are built in Ontario due to the Auto pact. Maybe... it's time to fix THAT.
If the CAW really cared about doing things right, they'd insist that their employers STOP investing in automobiles that nobody wants to buy. The SUV/Minivan craze is OVER. YOU knew this 5 years ago, but 0% financing kept the market alive for awhile, and then the major slump as everyone replaced their vehicles early.
posted at: 21:05 | path: /environment | permanent link to this entry
Mobile phone physical standards
I responded to Ontario Today's piece of mobile phone use in automobiles.
Subject: mobile phone usage in cars
I think it's great if employers do not require, and even actively discourage mobile phone usage while driving. But, I suggest that maybe people are thinking about this in the wrong. Maybe it's not the mobile phone that is inappropriate, maybe it is the DRIVING that is inappropriate.
I wish however to respond to the belief that we need to outlaw mobile phone usage while driving. I question if this is in fact enforceable, or if we really want to make it possible to enforce. Perhaps we really already have enough laws to deal with the problem --- surely it's illegal for a person to eat cereal while parked on the 401. (I think you had a call-in about this kind of thing).
Further, the number of mobile/connected devices is going to massively increase, not decrease. At some point, it may be that your driver's license might in fact be a mobile device you use to authenticate to the highway. (Think 407ETR)
Instead, I think that the Ontario government can make some improvements that will have widespread effects on mobile phone usage and safety. What we need is to be able to take any mobile phone into any vehicle and have it operate in the most safe fashion. This means a hands free mode with a headset and/or speakerphone. To do this properly requires cooperation of the phone and vehicle.
The nice thing is that it would also significantly reduce the amount of waste in the form of "obsolete" mobile phones, batteries and accessories:
I would make it required that all mobile phones sold in Ontario:
a) be unlocked, so they can be used with any mobile network provider (this would permit the phones to be re-used, rather than throw out) This might eliminate the $0 for your phone deal in its current form. Tough.
b) there shall be a standard headset adapter format. c) there shall be a standard interface to a charger. d) there shall be a standard mounting bracket. e) there shall be a standard battery format. (very controversial)
b,c,d would permit vehicles to be equipped with a standard way to mount your mobile phone on the dashboard so that it can get power from the car, and put the audio through the car speaker system. That would make mobile phone use in a vehicle very much safer.
e - would eliminate a lot of waste in batteries. I have two mobile
phones would work fine if only I replaced the battery, and bought new chargers. But the cost of that exceeded the cost of a new phone. So they go into my junk drawer until I decide to put them in the landfill.
a - would create an actual market for used phones (they all have serial
numbers, so it would be trivial to see if they are stolen)
This would not require that current mobile phones be changed, just that they come (at no charge) with some kind of adapter to adapt their current mechanism to the "standard". New ones might come with the standard mechanism.
I think that this would be a massive boon to Ontario uses, and other jurisdictions would rapidly adopt our regulations. Yes, there will be costs, but as I have a different headset and a different charger (and replacement charge, and computer cable, and spare battery...) for EACH phone I've owned, I know that I'll win in the end. The industry can not be depended upon to do this on their own --- it's not in their interest.
posted at: 18:12 | path: /standards | permanent link to this entry
Mon, 25 Sep 2006
Today I spent two hours at my "alma mata", Carleton University.
It's been 10 years since the Herzberg building was expanded, but I still think of it as new. For many, the O-train is still new, yet it will soon be old. Unless you do something about it.
I was giving out flyers about the cancellation of the O-train.
I talked to students arriving by O-train and bus about the cities' plans to replace the widely successful O-train with a streetcar system. Most were very surprised.
OC-transpo doesn't talk much about this, yet it is a critical part of the plan: by shutting things down for a long enough period, people will have to make new arrangements, and will therefore not care if the "replacement" train gets finished or not. It will be more expensive than buses (it's designed to be), so, we'll have to cancel it.
http://www.cs.unca.edu/~manns/intropatterns.html explains some of this method, but I don't have the book in my hands, so I can't tell you the name of this anti-pattern.
I wrote about this before, using a piece from Tim Lane, that really says is better than I ever could:
http://www.sandelman.ca/mcr/blog/2006/06/12#tim_lane_on_o-train
Now the Mayor seems to have fallen into the trap of forgetting what the diesel O-Train has accomplished, and is convinced that any future LRT has to be the expensive kind.
He has forgotten that the #1 reason you bring in light rail, is TO REDUCE THE COST OF OPERATING YOUR TRANSIT SYSTEM!
The #2 reason, is to give your riders a FASTER, MORE RELIABLE TRIP, if terms of travel time, and schedule adherence.
The new North South LRT extension, looping through Riverside South before entering Barrhaven from the south east, will, at enormous cost, provide passengers with a slower trip from Barrhaven to downtown, than the express buses on Woodroffe Avenue.
The plans for the East West light rail lines, with proposals to run it down busy city streets, rather than the existing, mostly grade separated rail corridors, show that the purpose of LRT, now, is to enhance the value of developers properties.
The two real reasons for LRT, above, have been thrown out the window.
posted at: 16:42 | path: /travel | permanent link to this entry
Sat, 16 Sep 2006
Just now, after spending the day at my Cousin's twin's first birthday, I sat down and opened my laptop, and within 30 seconds, the following shows up:
(17:18:40) christel: (notice) [Global Notice] On the 12th September Rob Levin, known to many as Freenode's lilo, was hit by a car while riding his bike. He suffered head injuries and passed away in hospital on the 16th. For more information please visit #freenode-announce
I joined the channel, as did too many other people to count.
It's very weird when virtual people die. (People who you've known for years, but have never met in person.) One has to realize that they were real.
Someone said to /whois him, pointing out that he was in fact online:
Nick: lilo (identified) Away: Whoops, I've stepped away. For URGENT freenode help (channel flooding, trolling users, network problems or access issues), please email my pager at 4iiygyvs@freenode.net . It's my job and I'm happy to respond. For ROUTINE issues, please see http://freenode.net/faq.shtml#gettinghelp .... Please take a look at my personal blog when you get a chance: http://spinhome.org1 .... Thanks! Username: i=levin@freenode/staff/pdpc.levin Realname: Rob Levin Server: irc.freenode.net (http://freenode.net/)
652 people in room, and climbing.
posted at: 21:33 | path: /oss | permanent link to this entry
Fri, 08 Sep 2006
Dead projects aren't always bad ideas
My friend Mike wrote this, and having no blog, permitted me to post this.
From: "Mike Charlton" <mikekchar@gmail.com>
I don't have a blog anywhere and I just felt like writing this down. I hope you guys will indulge me. I've been thinking about a FLOSS project I abandoned a while ago and I wanted to record what forces were involved in abandoning it. Perhaps someone will find it interesting.
Last year I was lamenting the poor choices available of free software for people trying to learn Japanese. There were many started attempts (and abandoned), but none that seemed able (or stable enough) to really be used for day to day studying.
Japanese is an interesting language to learn. Not only do you have to learn the meaning of vocabulary, but you also have to learn how to write that vocabulary using kanji (Chinese characters). There are many flashcard systems around, but none that make it easy to create the necessary trinary association (English to Japanese pronunciation, Japanese pronunciation to English, Chinese characters to Japanese pronunciation), or to schedule the quizes appropriately.
So I decided to write my own. It is called JLDrill. I wrote some code and started to use it heavily. I looked at all the available Japanese drill programs around and tried to fix the deficiencies I found. It seemed like a good start.
Except... It wasn't helping me to learn Japanese. For some reason, even with my improved approach, there was still something missing. Once I got up to 1000 or so items of vocabulary, I would start forgetting things and the system became unmanageable.
So I decided to stop writing code and start doing research on the way memory worked. I stumbled across a technique called "spaced repetition". This psychological theory claims that there is an optimal schedule for repeating items that you want to memorize.
Lo and behold, I also found several active free software quiz programs that implemented spaced repetition. So I decided to start using one (Mnemosyne in case you are curious).
Wow! It was a night and day difference. Even though it still doesn't handle the specific oddities of Japanese language data, using it was amazingly more productive than using my own software. So I stopped working on JLDrill and suggested to my users that they switch to Mnemosyne.
I still feel a few itches for specific features for Japanese language drills. But instead of restarting JLDrill development, I will probably try to add these features to Mnemosyne. It will probably be easier that way.
In the meantime, JLDrill is yet another half finished program languishing on a server somewhere. If someone does statistics, they will see that it only had active development for about 3 months — just like all the other abandoned projects.
But what statistics don't show is that JLDrill completely served it's purpose. It allowed me to explore ideas which ultimately led to a better solution. Because both JLDrill and Mnemosyne are free software, it allowed me to migrate over to the better solution without losing my investment on JLDrill. Not only that, because Mnemosyne is more popular than JLDrill was, I now have a larger pool of development talent working on the project. All at no cost to me.
This is why free software is important.
MikeC
posted at: 16:56 | path: /oss | permanent link to this entry
Thu, 07 Sep 2006
Bruce Schneier writes at:
http://www.schneier.com/blog/archives/2006/09/microsoft_and_f.html
and at:
http://www.wired.com/news/columns/0,71738-0.html
Last week, a hacker developed an application called FairUse4WM that strips the copy protection from Windows Media DRM 10 and 11 files.
Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."
But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.
So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.
This clearly demonstrates that economics is a much more powerful motivator than security.
posted at: 18:20 | path: /oss | permanent link to this entry
Tue, 05 Sep 2006
This got emailed to me. Google could only find it on one other blog, and I suspect they got it as well.
Might as well give it a home. Why can't stores put nice chairs in various places for husbands to sit on?
January 12, 2006
Re: Mr. Bill McCubbin Multiple Complaints
Dear Mrs. McCubbin,
Over the past six months, your husband, Mr. Bill McCubbin has been causing quite a commotion in our store. We cannot tolerate this type of behaviour and have considered banning the entire family from shopping in any of our stores. We have documented all incidents on our video surveillance equipment. Three of our assistants are attending counselling from the trouble your husband has caused. All complaints against Mr. McCubbin have been compiled and are listed below.
15 Things Mr. Bill McCubbin has done while his spouse is shopping:
1. June 15 2005 : Took 14 boxes of condoms and randomly put them in people's carts when they weren't looking. Some religious factions can be extremely upset by this.
2. July 2 2005: Set all the alarm clocks in Housewares to go off at 5-minute intervals.
3. July 7 2005: Made a trail of Apple juice on the floor through ailse's 2 and 3 leading to the Toilets.
4. July 19 2005: Walked up to an employee and told her in an official tone, 'Code 11' in ailse 4..... and watched what happened. (This is a code for a terrorist attack the assistant is still off work with stress)
5. August 4 2005: Went to the Service Desk and asked to put a family bag of peanut M&M's in the lay away service till Xmas.
6. September 14 2005: Moved a 'CAUTION - WET FLOOR' sign to a carpeted area.
7. September 15 2005: Set up a tent in the camping department and told other shoppers he'd invite them in if they'll bring pillows and sleeping bags from the bedding department.
8. September 23 2005: When a clerk asks if they can help him, he begins to cry and asks, 'Why can't you people just leave me alone?'
9. October 4 2005: Looked right into the security camera; used it as a mirror, and picked his nose then proceeded to eat same. ( We had to replace £3000 worth of equipment after the female guard on duty threw up over it )
10. November 10 2005: While handling guns in the newly opened hunting department, he looked dishevelled and asked the assistant if she knows where the antidepressants are kept
11. December 3 2005: Darted around the store suspiciously whilst loudly humming the "Mission Impossible" theme.
12. December 6 2005: In the auto department, practiced his "Madonna lookalike' bit using different size funnels.
13. December 18 2005: Hid in a XXXL clothing rack and when overweight customers came anywhere near, he yelled "PICK ME FATTY !" "PICK ME!"
14. December 21 2005: When an announcement came over the loud speaker, he assumes the fetal position on the floor and screams "NO! NO! It's those voices again!!!!" (And; last, but not least!)
15. December 23 2005: Went into a fitting room, shut the door and waited a while; then, yelled, very loudly, "Hey anybody out there, There's no toilet paper in here!
posted at: 03:21 | path: /children | permanent link to this entry
I lost my third FreeS/WAN POS box last month. (it became very flaky)
But, I got another P4-4GB ram system, and moved disks around. I put a dual PATA controller in, as the MB has only a single PATA channel.
Machine is "grouper.sandelman.ca", and it's in trout's old tower case. I'll be moving some of my various <1GHz boxes into it as guests. I hope that the electrical savings will justify everything, but I had to replace the dead system anyway. Hopefully I can split the CPU between running UML tests and spamassassin...
I move the dead POS box's 80GB drive to it. I had some minor problems getting a new enough 'insmod' under debian root that could load the xen modules. (I hate modules.. and why bother for base xen devices, like xennet...?????)
Anyway, the machine is back up. I'll be bridging the second ethernet to my service network... so the Dom0 will be on one network, and won't actually be on the network that most of the guests are on.
I got a:
and hooked it an LCD monitor in our mud room. It runs VNC over 802.11 to Meaghan's desktop. They installed ipsec in it, but they missed a couple of scripts, so it is not running over IPsec yet. I'll be addressing that issue as soon as I finish extracting their build environment.
(Yes, of course it runs Linux)
The speed with x11vnc to send her actual desktop over the wire isn't great. Probably, I'll be creating a XenU guest for her, and maybe just run xvncviewer on her desktop as well.
It also has a browser (dilo), and an SSH client.
The Sumo's price at just over 500CDN needs to get 50% cheaper before it becomes a no-brainer for a spousal/offspring system. I got a roll-up USB keyboard.. spillproof against Liam.
It needed a USB keyboard, I had none. The local store had few USB keyboard offerings that weren't wireless keyboard/mouse combos. I realize that the wireless mouse would rapidly get carried off by Liam, and lost in a toy box, like the VCR remote did.
posted at: 01:38 | path: /oss | permanent link to this entry
Thu, 17 Aug 2006
Why nuclear power is not open source
One of the critical factors that has permitted open source to flourish has been the relatively standardness of processors (they are all 8086s, effectively, sigh...), and their relative cheapness (generally speaking, less expensive than a used car, and now very much so).
We are able to experiment with different designs for almost any aspect of an open source operating system.
We can even try dangerous things: for instance, what happens if I try to
keep my processor cool by switch C-states and P-states, rather than turn on the fan? When I encounter a bug in my code, I get a meltdown. Oh, well. Not a cheap situation, and the landfill result is unfortunate, but if I succeed, I might be able to significantly reduce the power consumption of laptops, extending their battery life (both charge time, and time before I have to landfill the batteries).
I picked this example on purpose. Can I do the same thing with a nuclear power plant? The answer is no. There aren't enough of them, they are too expensive to build, we have no idea how to "landfill" them afterwards, and the negative impact of a meltdown is too significant to contemplate.
This means that I can't think about the 30 ways that Homer Simpson can screw things up, and figure out how to build a system that fails safely with him in control.
Similarly, I couldn't do the above work in 1972 either. The one computer that my university might own was far too valuable for me to be permitted to mess with the operating system. That was only for professionals (the person from IBM that came with the 360). Instead, they gave me virtual 360s on which I could play with virtual paper tape readers.
The lesson is that big is not better for open source. It creates a small number of critical components/systems.
Small, cheap, distributed components/systems permit experimentation. I point to "Back to the Future II" --- The Delorian is now powered by "Mr. Fusion" — throw some garbage in it, and it generates power. It's SMALL. It probably doesn't blow up if you put the wrong things in, it probably just turns itself into a paper-weight, the way a P4 without a fan does.
That's why nuclear power is bad --- not because it's atomic, but because we have a very small number of very centralized, hypercritical components, and we have, as a result, no idea how to take them apart.
Nature gets open source --- she puts a copy of the source code in every friggin bacteria, and creates opportunities for mutation. And there a billions and billions and billions of them.
Greens are generally seen to be opposed to nuclear power. Unfortunately, most of them are still caught in the NDP/left hysteria about it. They don't understand it. Fundamentally, what scares them is not that they are afraid of radiation — what scares them is that they know they aren't in control of the political machine that controls nuclear power (and the mentally related nuclear weapons).
No amount of technical explanation really helps --- I know sub-atomic physicists graduates who are emotionally afraid of nuclear power. So, this is why the nuclear power FAQ doesn't really help people --- it's technical facts that just make them feel like there is an attempt to brainwash them.
Greens should be afraid of centralized control over the means of production. Greens, like republicans and libertarians oppose communism and stalinism --- we should be concerned when the means of production is in the hands of the few.
This is why greens have a fundamental principle of decentralization.
A critical element of this is that technology be designed such that it can easily be replicated, that it can be adapted (in the field if necessary --- think about Mr. Scott or Mr. Spock on the Star Trek - Enterprise: He can't beam back to Redmond if you need an Operating System patch...), and it can be repaired.
Software monopolies are the opposite of decentralization — It's stalinism.
posted at: 18:23 | path: /oss | permanent link to this entry
Fri, 11 Aug 2006
Changes to carry-on luggage rules
I have several responses to the recent changes to carry-on items.
First, if I am unable to get water in sufficient quantities on-board an aircraft, then I will not fly. I already try to avoid it for all short-haul trips, but the lack of investment in inter-city rail, and the lack of connectivity between airports and rail stations in Canada severly restricts this. For instance, there is no reason for an airplane to ever travel between Ottawa and Montreal.
Not having the right to provide myself with enough water is a public health issue. Water is critical to being comfortable when flying. Many airlines have clued in and come through with water at frequent intervals, but not often enough.
Since Transport Canada is permitting the number of flight attendants to be decreased (1:75 instead of 1:50, I believe it is), the amount of water will decrease. Airlines therefore MUST provide more water. For the sake of the environment, I am happy to bring my own container, but that may be hard to audit.
Second, I am primarily a business traveller. I travel with my laptop computer. I avoid Air Canada whenever possible, since they simply do not provide enough space between seats to operate my laptop. I'm tall, but not overweight, and I don't fit in the seats. If you want to know why people get air-rage, look to the size of the seats.
My laptop, however is a far greater risk than water. Having me turn my laptop on is not very effective: less than 50% of the space in the case of my laptop is devoted to the electronics that turn it on.
Thirdly, as a business traveller I understand that sometimes people want to have their wheelie case on board. It makes them feel important --- that they showed up at the last minute, and changed their ticket so quickly that they couldn't check their baggage.
Nonsense. We don't let people do that anymore, and if we do, I would suggest that this is an even greater risk.
People regularly put their bags above *OTHER PEOPLE*s seats. I say that they should banned as far too hard to search properly.
Finally, it used to be in Canadian airports, one was lucky to have a water fountain on the secure side of the airport. None of this shopping mall stuff. We've changed. We've given up large amounts of security so that we can shop. That's a significant security concern for me.
At Heathrow, you go through a second set of scanners before getting on the airplane. Maybe we should just move the scanners there, and stop pretending that the airport-shopping malls have any security at all.
posted at: 16:46 | path: /legal | permanent link to this entry
Fri, 21 Jul 2006
http://news.bbc.co.uk/2/hi/technology/5203146.stm
quotes:
"Our position is simple: DRM doesn't add any value for the artist, label (who are selling DRM-free music every day - the Compact Disc), or consumer, the only people it adds value to are the technology companies who are interested in locking consumers to a particular technology platform." Dave Goldberg, the vice president and general manager of Yahoo Music urged record labels reconsider their stance on DRM technology earlier this year.
Wow. I couldn't say it better.
posted at: 15:44 | path: /legal | permanent link to this entry
Wed, 19 Jul 2006
Well, so Bloxsom has a problem, I think. Maybe it's muse mode.
The problem is really HTML. If I have a line with a very long URL, it doesn't get wrapped (seems reasonable).
Unfortunately, that makes the rendering on the screen very wide (at least with Mozilla and epiphany), and means that it is hard to read.
I fixed the URL that was too long.
posted at: 23:36 | path: /blog | permanent link to this entry
I wrote this message back in 2004, and with the new procurement concerns coming from the Federal government, I want to re-iterate it. The connection is that you can compete to price alone ONLY if you have a full, stable specification. (Pencils are about all I can think of that fit that description)
Date: Fri, 08 Oct 2004 13:46:19 -0400 From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
My opinion is that there are little direct cost savings to FLOSS. It may well have higher direct costs, even. The reason has nothing to do with FLOSS. It has to do with cost/benefit ratios of outsourcing.
FLOSS is primarily about insourcing large amount of things. Off-the-shelf manufactured products represents ultimate outsourcing.
It is always cheaper to outsource IT, provided that you know what it is that you need doing (in sufficient detail that you can write the contract 1), and that your requirements are at least 90% in common with everyone else.
Outsourcing has the following problems:
a) lack of flexibility b) lack of customization c) lack of agility/dexterity (you can't change things quickly)
<SARCASM> But, we don't expect those things from our governments anyway. Certainly there are no corporations or NGOs that have any need to innovate, adapt to changing economic trends, or react to customer demands. </SARCASM>
Note: it doesn't matter what the licensing policy of the software is. It
is the business relationship that means that you are charged a
fixed price for a fixed basket of goods that is the problem.
In a typical MS-Office desktop environment you have no useful first line of IT people. Even if you might have competent system administrators (and I don't mean MCSEs) there is essentially nothing that they can do to deal with any major issue. The only thing they can do is click on wizards, and call 1-900-Microsoft. As long as you only do things that 90% of microsoft's other customers also do, you are fine. You will get a fix sooner or later. If you are in the other 10%, and do unusual things, you are SOL.
Since there is no use for a senior system administrators (they can't do anything), you might as well hire junior MCSEs, as they are cheap, redundant and easily replaced.
[1] You do need the occasional access to a VERY SENIOR, UBER IT/business
person to write the contract perfectly. I know very few people who
have these skills.
You can contract a "consultant", but as most of the ones that have
the time to deal with MERX-RFP-crap to get the contract to do the
consulting, have the time because it is a loss-leader to being
in a position to sell the solution as well, they probably are too
vendor bias'ed, so you don't get a good contract.
Insourcing is about empowering people to solve their own problems. Giving them a multitude of tools (a utility belt), and the ability to adapt and fashion their own tools. This is where the licensing policy matters. If you can take the whole product to another supplier, or do the work internally easily, then you can adapt things. Things that are high risk are usually best done internally, where you can control the risk (==cost).
It is also why things like VisualBasic exist, and is the #1 tool that MS-Office shops use. It provides them the flexibility, agility, etc. that you need. But, this is in fact insourcing!
Note that the lack of 1 in most departments is what actually makes it very hard for FLOSS-corporations to offer open source solutions in response to outsourcing requests. Since the buyer doesn't really know what they want, they seldom get what they need, often pay huge amounts to have things "customized", and in any case, their needs change often.
However, since FLOSS corporations are often made up of a small number of
1.-like people, and a better solution is to train the internal people to do most of the work.
posted at: 23:28 | path: /oss | permanent link to this entry
The ISO layers of the legal code
{This entry written over a course of several weeks}
I attend a group called the "Gaggle", see http://www.goslingcommunity.org/ where I often argue, sometimes loudly (it's a sports bar, so everything is loud) with Russell McOrmond (http://www.flora.ca/russell/ ). Russell is my best friend, business partner and we were each other's best men.
So, it's often surprising how violently we can disagree. It's even more surprising when we are often violently agreeing. One problem that both Russell and I have, is that often we argue with each other, often thinking that we are in fact arguing with the "enemy". It's kind of like honing one's skills, but often it gets in the way to actually communicating new ideas to each other.
Sort of like when the angry feminist goes into some store and asks to buy some bullets, and the clerk says, "I can't sell you those bullets." and the woman gets mad, assuming that the clerk is some kind of misogynist. The clerk finally explains, "No, it's not because you are a women, it's because I don't have any in stock."
An on-going argument is about the end-to-end issues on the Internet, and what constitutes "upload" vs "downloading".
In general, I hate the terms. People who use the terms uploading and downloading are from the Bulletin Board Systems days, and from that kind of thinking. Unfortunately 99% of the users of the internet came to it sufficient late, and via dialup and "residential high speed", that they actually have never really experienced the Internet of the 1980s, and the early 1990s.
Russell is also concerned about end-to-end issues.
(Please correct me if I am using any loaded terminology)
Russell explains that in Canada, "downloading" copyrighted works (such as an MP3) is not illegal, particularly if it gets put onto a levy'ed media such as a CDrom.
What is illegal is "uploading". So, the theory goes, I am permitted to receive materials, but I am not permitted to send them. I can make a private copy — so I can borrow your CD, and I can copy it. That's permitted. You can't take your CD, make a copy and give it to me. That's not permitted.
There is a lot of question of intent.
My major concern is that of enforcement.
At present a large number of "residential" ISPs (Rogers, Bell Sympatico) have a policy of "no servers", and they regularly block various ports, sometimes blocking all incoming packets with the "SYN" bit set. A TCP SYN packet is what is used to start communication with a "server". Any ISP that puts their customers behind a NAT, or encourages their customers to install NATs by not providing them with enough IP addresses is effectively blocking TCP SYN packets. Bell Sympatico GIVES people the NATs. (Who owns and controls them? That's the topic of another article)
It's not limited to residential services. A huge number of business people think that NATs have some kind of useful security function. The reality is that they simply cut of 50% of the functions of the Internet, which sometimes means that they cut out 50% of the security holes present in some desktop operation systems. Of course, you can cut out 100% of the holes by powering the desktop down as well. Since the NAT improves security by preventing legitimate uses, any measure that improves security, even if it prevents legitimate users, would by the arguments above, be legitimate. So, I would conclude that the power switch is much more secure than the NAT.
However, I do not believe that we need to prevent legitimate uses to improve security. Often we can improve one module's security profile, by moving appropriate functionality to another: for instance, exchanging files by FTP or SFTP is much smarter and more secure than doing it by email, but we don't do that because residential desktops do not have permanent identities on the network, and oh. yeah... that NAT. And people who exchange files are, by definition, evil.
As I explained that Friday (2005-05-27), I can't tell, as a network operator, looking at the layer-3 part of the packet (the IP header) if the traffic is an "upload" or a "download", or if it is a TCP SYN packet or not. (The two are not equivalent. I can certainly identify the TCP SYN packet, but the upload/download involves knowing intent, which requires much deeper packet inspection.)
The layer-3 information is the only information that a network element needs to look at. I claim that this is the only part of the packet that a network element is permitted to look at.
To understand my claim you need to have some history about phone taping. Since 1984 in the US the pen register was formally defined. See http://en.wikipedia.org/wiki/Pen_register for a good history.
This is important --- access to the Pen Register is not considered a search, but at the same time, it isn't public knowledge. From the above page:
Ten years later the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." Smith v. Maryland, 442 U.S. 735, 744 (1979).
That's why the law in 1984 was necessary.
The question is then: what parts of the TCP/IP stack are covered by Pen registry legislation, and what parts are not? The US Congress even talked about this a bit:
(search for "Pen Register". This from September 25, 2001, about the Patriot act. I don't know why it shows up under Canada.usembassy.gov...)
Another interesting link:
http://www.interesting-people.org/archives/interesting-people/200204/msg00112.html
And another: http://www.volokh.com/2003_05_04_volokh_archive.html#200272201
[Orin Kerr, 12:47 PM] New decision on surveillance of Internet search terms: During the debate over the USA Patriot Act, some opponents of the Act argued that the amendments to the Pen Register statute (18 USC 2701-11) gave the government the power to monitor the terms that users entered into Internet search engines with only a Pen Register order. As the Electronic Frontier Foundation warned in its analysis of the Patriot Act: Be careful what you put in that Google search. The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. As I explained in a recent law review article, this criticism is off-base (if you're really interested, look at pages 644-648). Whether the government may collect search terms that appear in URLs depends upon whether the search terms are "contents" under the Wiretap Act, and does not involve the Pen Register statute. Whether search terms are "contents" remains unclear, I noted, and the Patriot Act unfortunately did not clarify whether the government needs a Wiretap Order to conduct such monitoring. But the Patriot Act did not lower the privacy protection offered to search terms. (This hasn't stopped reporters from repeating EFF's claim as simply a factual statement about what the Patriot Act does, but that's another matter.) I mention all of this because yesterday the First Circuit decided a case applying the Wiretap Act to the Internet that seems to conclude that URL search terms are in fact "contents" under the Wiretap Act. You can read the opinion here; read my summary of the case here. There are some analytical weaknesses in the opinion and its scope isn't entirely clear (see the case summary for the details), but the opinion supports the view that the Wiretap Act protects URL search terms-- and it does so by interpreting language in the Wiretap Act that was unchanged by the Patriot Act. In other words, the opinion suggests that URL search terms are protected by the Wiretap Act, not the Pen Register statute, even after the Patriot Act.
So, back to end-to-end.
If it is the case that only numbers disclosed to the ISP for routing are part of the Pen Registry, then I read this very clearly: the IPv4 header contains that information.
The TCP header (in which the SYN flag, and the port numbers are) do not.
Anyone filtering on TCP headers without the permission of both parties is performing an illegal search.*
Subsequent to when I started writing this entry, Sympatico announced they were amending their user agreement to get this kind of permission. That's might be okay. We'd need to ask some critical questions before allowing citizens to give up their rights: did they have a choice? If all ISPs force citizens to do this, then perhaps there is a cartel? Some kind of collusion?
But, I have a simpler solution: any ISP that wants to do this is no longer a common carrier. They are now responsible for ALL content. Including the child porn found on a web server in Zealand that crosses their network.
But, back to "uploading" and "downloading".
In Spain recently, it was reported in IRC (I do not have a good official reference, but would welcome one):
(12:17:38) quanttrom: talking about P2P : Section_Ei8ht writes "Spanish Congress has made it a civil offense to download anything via p2p networks, and a criminal offense for ISP's to allow users to file-share, even if the use is fair. There is also to be a tax on all forms of blank media, including flash memory drives. I guess the move towards distributing films legally via BitTorrent is a no go in Spain."
In Canada, we already have the tax on blank media, and generally this has permitting "downloading" to be legal, while "uploading" to not be legal.
Let's say that Canada passes a law making it a "civil offense to upload".
And let's say someone wants to enforce this law. How can (technically) they do it? Simple: do not let TCP SYN packets to end users. Oh, wait. That requires a search warrant.
So the law enforcement agency has to have probable cause, and has to present a search warrant. That's okay, since they had to have probably cause for a specific end-user, they can't just let out a dragnet.
This is why I claim that nobody can tell (without a search warrant) if I am uploading and downloading, and thus, effectively, there can be no technical difference between the two operations.
Being able to enforce a law is one of the critical questions that law makers are supposed to ask. I conclude: you can not enforce such a law without violating everyone's privacy rights.
posted at: 23:24 | path: /legal | permanent link to this entry
application/octet-stream considered unsafe
I get various emails, often bills from organizations that I have accounts with in PDF. Some of them send them to me as application/octet-stream, with a .PDF extension. When I double click on this attachment, it saves-to-disk.
When they send me text/pdf format, then I start acroread and/or gpdf, and I can see their PDF. This is what I reply to them with:
In the past a number of popular mail programs have resorted to looking at the file extensions to determine the file type. These same systems are very vulnerable to trojans and virii, and the reliance of file extensions causes confusion to users --- they wind up authorizing dangerous operations. It's kind of like letting your toddler play with a loaded gun. Something bad is going to happen. In this case, something bad happens to the tune of nearly $6B/year. This is despite massive spending on mostly ineffective virus scanners --- always keeping us safe from last years' attack, but never defending against what might come tomorrow. Internet standard email, as defined by RFC2822 and a great number of other documents on MIME, does not use extensions. This means that it is not possible to mis-represent file content to users --- if the file appears to be a safe picture, it will always be displayed as a picture, not a trojan. You have sent me files of type application/octet-stream. I may be able to guess that they are safe, but I have no real assurance of what they really contain.
posted at: 16:13 | path: /standards | permanent link to this entry
Tue, 27 Jun 2006
Estimating software mis-licensing is hard
Editor, Communications of the ACM Dear Editor, Re: Bagchi et al. "Global software piracy ...", June 2006, pp. 70-75. We are extremely concerned that a peer-reviewed magazine from an apparently serious professional organization would permit the publication of a report that predicated its research on data from a single source that has a vested interest in magnifying apparent losses due to activities they characterize as "piracy". For one critique, see Business: BSA or just BS?; Software piracy, The Economist. London: May 21, 2005. Vol.375, Iss. 8427; pg. 78. We do not doubt that there is unauthorized copying of copyrighted materials. However, estimating its true level is difficult. Multiple approaches and sources are needed, and the methods need to be fully open to review. Yours, Prof. John C Nash, nashjc@uottawa.ca Dru Lavigne, dlavigne6@sympatico.ca Russell McOrmond, russell@flora.ca Charles MacDonald, cmacd@TelecomOttawa.net Michael Richardson, mcr@sandelman.ottawa.on.ca Raymond Wood, au516@freenet.carleton.ca
posted at: 00:31 | path: /oss | permanent link to this entry
Thu, 15 Jun 2006
Recently, a fellow asked about getting linux kernel work in Ontario. He's an ex-pat, moving back to Ontario from the UK, and wanted to know where to look.
Well, I asked a question:
make sure you have a web site, and some stable non-yahoo email.
I consider a stable web presence, and some stable non-webmail email address to be a "you must be this tall" criteria when hiring.
It took me a moment to think of why this is.
Finally, I realized why I was asking, and said:
so, if I google that email, I'll find lots of intelligent questions, and even more useful answers on mailing list archives?
This is the thing --- if you have only ever been a consumer of the Internet, googled archives, but never answered questions, etc. then it is very hard to find out much about you.
A company I worked for went through a number of VP's R&D. I googled each one. Nothing. Bumpkiss. Final one, I learnt had been on a canoe trip in the north-west territories. Never did his name show up anywhere else. Not in a press release, or a "speaking at", or in an online mailing list for afficiadoes of purple knitting needles.
It's hard for me to believe that someone has in fact used the Internet, truly used it, when they just didn't leave any trace.
Yet, many people keep throwing away their email accounts, getting new ones, and use their ISP provided crap email systems, and then change when they get a new ISP. How can you have an online identity that way?
And it isn't like aliases aren't all over. You can get one everywhere, and smart people either have their own domain, or they get an alias like pobox.com, or acm.org, etc. Gmail.com seems to be somewhat more clueful to me than msn/yahoo --- I think because gmail actively encourages use of POP and other internet standards for processing email.
You just can't read 100 non-spam emails a day with a web interface.
As an aisde, I love it when I get an email from some head hunter who wants my most recent resume --- yet, every copy of my resume has the URL of my resume in it. To me, that's so obvious a thing to have, that anyone technologist that doesn't have it... isn't really a technologist.
It's all about reputation.
posted at: 21:29 | path: /oss | permanent link to this entry
Tue, 13 Jun 2006
(used with permission)
Op Ed piece on LRT expansion - June 12, 2006
By Tim Lane
There seems to be a concerted effort to forget, or dismiss, what the existing diesel light rail O-Train has accomplished.
A fifteen minute service on an existing heavy rail line, that carries upwards of ten thousand passengers per day, on a single track.
A system that integrates O-Train & bus to give people a faster, more comfortable trip than by bus alone, to many destinations.
A system that is the ideal way to get to events at Dow's Lake (Tulip Festival, Winterlude, etc.).
A system that has won awards, although on at least one occasion, management didn't tell the train drivers about it. (Ask me about that one!)
A system that has had beneficial effects on the bus system, freeing up buses to be used elsewhere.
A system that has tremendous fuel savings, on a per- passenger basis, compared to buses.
A system that reduces air pollution, compared to buses.
A system that provides ENORMOUS savings on snow clearing, compared to roads.
The O-Train kept running flawlessly, during last December's snowstorm that immobilized hundreds of buses.
The David Gladstone Memorial Pathway, between Bayview Station & the Ottawa River Parkway recreational path system, would have allowed people out for a stroll or bike ride, to see how close the O-Train comes to the Prince of Wales bridge. Of course, some people in the City don't want the public to know that a simple, low cost solution to cross river traffic congestion is immediately available.
The reason I call it the "David Gladstone Memorial Pathway", is that he will probably die of old age before it ever gets built. (pace, David!)
Capital Railway (the O-Train) now has the federally mandated authority to run a rail passenger service into Quebec, which would obviously involve using the Prince of Wales bridge.
Doing this would be the simplest, most cost effective solution to downtown traffic problems.
It would allow many Gatineau residents, who, for example, work at Confederation Heights to ditch their car, and take a much faster transit service to work.
It would allow many OC Transpo and STO buses to stay on their respective sides of the river.
This would reduce bus congestion in the downtowns of both Hull and Ottawa.
It would allow many of these buses to be redeployed in various Gatineau and Ottawa neighbourhoods, thus improving bus frequency, without having to buy any new buses.
Now the Mayor seems to have fallen into the trap of forgetting what the diesel O-Train has accomplished, and is convinced that any future LRT has to be the expensive kind.
He has forgotten that the #1 reason you bring in light rail, is TO REDUCE THE COST OF OPERATING YOUR TRANSIT SYSTEM!
The #2 reason, is to give your riders a FASTER, MORE RELIABLE TRIP, if terms of travel time, and schedule adherence.
The new North South LRT extension, looping through Riverside South before entering Barrhaven from the south east, will, at enormous cost, provide passengers with a slower trip from Barrhaven to downtown, than the express buses on Woodroffe Avenue.
The plans for the East West light rail lines, with proposals to run it down busy city streets, rather than the existing, mostly grade separated rail corridors, show that the purpose of LRT, now, is to enhance the value of developers properties.
The two real reasons for LRT, above, have been thrown out the window.
There is no way that the proposed Light Rail system will provide a fast, reliable trip. Nor will it reduce the cost to the taxpayer of providing transit, if the vehicles, subsidized by the hour, are taking forever to get people where they're going.
I believe that it is time to put a halt to these LRT expansion plans, until after the election next fall. That would give the public and the planners time to get some sanity back into our transit system.
Tim Lane
posted at: 00:33 | path: /travel | permanent link to this entry
Sat, 10 Jun 2006
Getting cable service from cybersurf/3web
I have a 3MB/s bridged ethernet DSL service from http://www.travel-net.com/. They are mostly a good company, with some minor connectivity issues. Specifically traffic to/from Rogers Cable can be slow, and they have not reconnected to http://www.ottix.net/ yet.
One of the partners of http://www.xelerance.com/ lives on the edge of town, and is lucky to have Rogers Cable. We have VPN tunnels, etc. and it would be nice if we could get more bandwidth between us. Our Oakville office now has a Cogeco cable as well as DSL, with the tunnels running over that connection, and it seems to work well. Trust the cable cable company to be connected to itself, right?
I abhore Rogers. I hate them. As soon as GSM phones get portable numbers (come ON CRTC. Get a clue on this. There is no competition in mobile phones until there is number portability.), then I leave Fido/Rogers. So, I'm not signing up for Rogers Cable. (We use Starchoice satellite TV).
I contacted cybersurf/3web, the Calgary company that purchased igs.net, cyberus.ca, and the customer list of istop.com. They have a way to offer cable internet service. This is partly because, I'm told, they have an investment from Sprint, who also invested in Rogers. Rogers has been in trouble with the CRTC for not permitting third parties to offer service over their wires. They have given lots of stupid pseudo-technical excuses, which the CRTC, in their ineptitude have accepted. Still, permitting 3web to sell service over their wires makes them appear more compliant.
I had an initial install date of May 9. A guy from Spectrum Cable arrived to install things at around 5:15pm. He soon realized that there was no cable to the house, no demark, and that Rogers had disconnected the cable back in 2001, up at the pole. He didn't feel like putting his ladder up on my side of the fence, and didn't feel like getting on the roof of my neighbour's shed without their permission (they weren't home), so he packed up and went.
I contacted 3web, arranged for another install date, got a letter from my neighbour giving permission to access the pole by climbing on the shed. The new install date was May 16. Nobody showed.
I contacted 3web again. Days passed. I tried phoning --- their phone system was in a major loop. Can't call them.
I noticed that my credit card had been billed already. A bit of a problem, given that I have no service yet.
I am now in email contact with "Shannon", HD agent 1200, and she can't seem to understand that I want to give them my money.
posted at: 14:47 | path: /colo | permanent link to this entry
Thu, 25 May 2006
Peace Tower clocked killed by DMCA?
Well, not literally, but Howard Knopf jokes about this in his blog at:
http://excesscopyright.blogspot.com/2006/05/knopf-v-speaker-of-house-of-commons.html
The original point of the article: http://www.canada.com/components/print.aspx?id=891da412-8d83-418b-8617-c12c0533acdc&k=53721
posted at: 19:47 | path: /legal | permanent link to this entry
Wed, 24 May 2006
I just moved some patches to the Linux kernel from a 2.6.15 base to a 2.6.16.18 base.
This is how I did it:
- I started by going to my copy of the Linus Torvalds tree, and updating it.
% cd /mara1/git/torvalds % cg-branch-ls origin http://www.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git % cg-updateto get the latest code down, just in case.
- I then cloned the tree.
% cd /mara1/git % cg-clone torvalds stable2.6.16.yCloning it like this lets it use hard links!
- I then added the 2.6.16 branches:
% cd stable2.6.16.y % cg-branch-add stable2.6.16.y http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.16.y.git % cg-update stable2.6.16.y
- I then added the stable 2.6.16 tree to my working tree. I prefer to have
seperate trees like this so that I can poke around. I could added the stable branch to my torvalds tree, btw.
% cd /mara1/git/klips-ocf % cg-branch-add stable /mara1/git/stable2.6.16.y % cg-fetch stable
- Then I ran git rebase.
% cg-tag ocf_v2.6.15 % git rebase stable ocf % cg-branch-chg origin git+ssh://git.openswan.org/public/scm/klips.git#ocf_v2.6.16
I made sure to leave a tag, because "git rebase" changes the branch, and you might not be able to get it back.
posted at: 20:17 | path: /howto | permanent link to this entry
I had a system with a single 40Gb PATA drive in it. It had two 160GB SATA drives in it too, but the SATA controller on the motherboard was not supported yet by Fedora Core 5. (It's a VIA controller. VIA has drivers, but they aren't stable yet)
I got a 2-port Adaptec SATA controller, hooked it up while moving the machine to a 3U case, and booted. Great, everything works.
I then added the two new volumes to my "VolGroup00", and took the system down to the colo. Oh. shit. It won't boot.
Why? because the initrd for the system didn't have the Adaptec controller, so the system couldn't see the extra physical volumes, so it couldn't construct the logical volume group, so it couldn't find the "root" disk.
DAMN.
I booted a Fedora Core 5 rescue CD. (I am, btw, looking for a 30-50Mb image that I can stick on /boot, and invoke from grub, which would be a serial-console happy rescue image. It should have sshd, and be able to dhcp an address ideally.... I was going to take apart some CD-based .iso, but I haven't done hat yet)
I then fixed this by running mkinitrd properly, and the system found the right disks, and booted.
I thought: I don't want all my disks in the same volume group if a screw up will prevent the system from booting.
I came across the command "pvremove", which I proceeded to run on /dev/sda1 and /dev/sdb1. OOPS. System won't boot again, because I actually destroyed the physical volumes (from LVM's point of view), not removed them.
Another run through with the rescue CD. Need to figure out what to do. The command "lvm" is nice, because as a wrapper around all the commands, it also tells you quickly what are actual commands and not.
The solution:
lvm> vgreduce VolGroup00 --removemissing Couldn't find device with uuid 'nwprFB-HWF3-GRL7-ow4P-JUXO-Zp2J-ckZ8fe'. Couldn't find all physical volumes for volume group VolGroup00. Couldn't find device with uuid 'nwprFB-HWF3-GRL7-ow4P-JUXO-Zp2J-ckZ8fe'. Couldn't find all physical volumes for volume group VolGroup00. Couldn't find device with uuid 'nwprFB-HWF3-GRL7-ow4P-JUXO-Zp2J-ckZ8fe'. Couldn't find device with uuid 'tLpEoy-X3jh-7QgU-oWTY-dmrh-4dKx-jCOLVm'. Wrote out consistent volume group VolGroup00
Now, I have:
trout-[~] root 1 #lvs LV VG Attr LSize Origin Snap% Move Log Copy% FlorinRoot GuestGroup00 -wi-a- 5.00G LogVol00 VolGroup00 -wi-ao 35.19G LogVol01 VolGroup00 -wi-ao 1.94G trout-[~] root 2 #pvs PV VG Fmt Attr PSize PFree /dev/hdb2 VolGroup00 lvm2 a- 37.16G 32.00M /dev/sda1 GuestGroup00 lvm2 a- 149.05G 144.05G /dev/sdb1 GuestGroup00 lvm2 a- 149.05G 149.05G trout-[~] root 3 #vgs VG #PV #LV #SN Attr VSize VFree GuestGroup00 2 1 0 wz--n- 298.09G 293.09G VolGroup00 1 2 0 wz--n- 37.16G 32.00M
posted at: 20:11 | path: /howto | permanent link to this entry
http://www.theregister.co.uk/2006/05/24/skype_vuln/
describes a vulnerability in Skype's clients. Okay, no big deal, bugs happen in programs. Just switch to another program for awhile until it gets fixed.
What? you mean, the program and the protocol are one? You can't switch without switching networks? Isn't that bad?
Yes, it is.
The reason why we should strive to use standards in our network protocols is so that one can have a competitive marketplace where one can use the best software that there is.
And one should be able to trivially switch from one to another: we do this all the time everywhere. Let's take an example from motoring: we get upset if the vendors of gasoline (petrol) do not compete! We expect all of the gasoline to be essentially interchangeable. Honestly, anything else is communism.
posted at: 19:55 | path: /standards | permanent link to this entry
One year ago, my son Liam Ronald Morris Richardson was born.
What an amazing year it is has been.
posted at: 19:49 | path: /children | permanent link to this entry
Fri, 19 May 2006
I too am not very happy with what ATI and Nvidia have done with their binary drivers only.
http://www.fsf.org/blogs/community/rms-ati-protest.html
http://www.zmag.org/content/showarticle.cfm?ItemID=9350
(curiously, ZNet says:
ZNet has begun to explore the possibility of converting to free software. If you would like to help in this effort, please go to the Free ZNet Project forums, register, and introduce yourself.
and give the link: http://znet.2y.net/zbb/index.php )
It seems that the correct approach for companies that want to make pieces of hardware that offload work from the CPU is for them to create open specifications about how to interface to their hardware --- at the system level, and publish these.
DirectX and OpenGL, for instance, are two such specifications. They are unfortunately at the level of C-API, rather than PCI register definitions. As such, they need a driver part for the backend. If the video manufacturers could see their way to making it a higher level interface, there would be many advantages, including an obvious way to run accelerated video over networks.
My company http://www.xelerance.com/ is involved in making a better specification for interfacing to hardware cryptographic accelerators. This is called OpenBSD Cryptographic Framework (OCF), and we are proposing extensions that we call OCF level2. Unfortunately our interface is also at the C-API level, and we have to deal with the question: would we want to permit binary-only drivers?
posted at: 15:40 | path: /legal | permanent link to this entry
Mon, 15 May 2006
http://trends.newsforge.com/trends/06/05/04/233250.shtml?tid=136&tid=2&tid=132 contains a lively debate about the Canadian Census vs open source.
http://www.digital-copyright.ca/node/2425 is another review of the situation.
I too am very frustrated with the situation. As soon as I realized that the Java applet involved was in fact Entrust's TruePass, I realized what had happened.
Once filled out, the Census information is considered "Protected". That is, it is classified information, and its classification is just above Top-Secret.
If you want to collect information of that classification, you have to use systems that have been evaluated for that classification. It turns that there is only one such system available: the Entrust TruPass system. They wrote it for Java on the theory that it was cross-platform, but the evaluation process requires that it be evaluated on specific pieces of hardware and software.
That means that the version of Safari, IE, Firefox, etc. and the versions of Java involved had to be locked down.
So, actually, they are violating the process - most end-user systems can not be guaranteed to actually be close to the evaluated platform. This should be a show-stopper. (I've been through this process)
Where is the real bug? It's in the evaluation (Common) criteria, which were basically designed before the Internet, and were first applied in 1995.
We in the open source community are actually fortunate that they even got to doing anything other than IE--- but that's only because the whole ePass system is targetted for widespread use by the Government of Canada.
Frankly, I find the whole ePass system of dubious value. Yes, finally, client side certificates... but how did they get enrolled? Are they being left on my desktop? can I put them on a USB key? what else is going on? My understanding is that the on-the-wire protocols are actually relatively standard, but the cryptography isn't used to protect me, but to assure SecureChannel that they are in fact talking to a "legitimate" copy of TruPass.
Why are those Performance Specifications not mentioned on the web sites? It's a violation of NAFTA 1007 to use the brand names as they have been used. The web site should go off line for THAT reason alone. This is really a scandal larger than Gomery. The amount of money involved is 10x that of Gomery.
Next problem: the helpdesk people were clearly not briefed or trained, and the Bell people that were contacted were clearly NOT qualified to be doing this work. Sure, Bell did some work. They procured the Entrust Toolkits, and typed "make"
When it comes down to it, this Java Applet another chink in the war over who owns my computer. See Bruce Schneier's comments: http://www.wired.com/news/columns/1,70802-0.html
The purpose of the Java Applet is not to make sure that your information is secure. That's easily accomplished with run-of-the-mill SSL. If you wanted more traceability and the ability to communicate multiple times, you'd use client side certificates. The purpose of this Applet is to protect the servers from being abused by network connections. In this case, it's very effective, as it keeps the system from being used as well.
This is in the same way that the barely legible words-in-pictures (such as on gmail.com, or yahoo, or random web logs) are designed to keep away robots. It's not about covering our asses, or protecting our privacy --- it's about covering theirs.
What can we do about this:
- make governments realize that saying "Please use product X" is in fact an endorsement of that product.
- make governments procure products using proper Performance Specifications
- this isn't about Microsoft vs Linux. It's about interoperability. Interoperability benefits Microsoft too: they are currently fighting against having SAP being listed as a "requirement"
In practice, this won't really happen until we have some Linux, BSD and Mac using members of parliament. Ones who refuse to run the junk that the Parliament of Canada (a department with a whole file of procurement violations) provides them. They will have to make a "federal case" of it. So, ask candidates what browser they use on their computer. Expect your MPs to be sufficiently technologically saavy to understand the question. We expect them to understand economics, and it's a lot more complicated.
posted at: 14:32 | path: /oss | permanent link to this entry
Sun, 14 May 2006
So, I'm here at Open Source Weekend, we have a reasonable turn out given the amount of planning that was done.
We are well positioned to have a longer event in the fall.
The location here works well, and seems pleasant enough.
posted at: 16:44 | path: /oss | permanent link to this entry
Fri, 12 May 2006
http://www.theregister.co.uk/2006/05/12/french_drm_concessions/ reports on Apple iTunes vs the French government.
It's interesting that the french government gets the concept that computer and network protocols must be open, and must be cross-platform. This is more than the Canadian government does ( http://www.sandelman.ca/mcr/blog/2006/05/03#canadian_online_census_violates_privacy ).
This is really very good news. I don't know much about the bill or the proposals to force DRM to be that way. I'm not clear that one can really have an open source DRM implementation --- if the DRM is actually well designed, then one would need to have some kind of private key embedded in the application, such that it can decrypt things, and the public key part would need to be signed by some industry consortium. So, the source code might be public, but the private key would have to be... private. I'm not sure how this can work, since the private key could trivally be reverse engineered out.
The alternative is that every citizen needs to get online and ask for session keys that permit the citizen to decode the content. That doesn't scale, and more importantly, there is little incentive for the citizen not to share the key.
posted at: 18:47 | path: /legal | permanent link to this entry
Wed, 03 May 2006
The story of his life:
http://www.wired.com/wired/archive/10.04/farnsworth.html
and how RCA screwed him over for his patents:
http://righttocreate.blogspot.com/2006/05/invention-of-television.html
posted at: 19:18 | path: /legal | permanent link to this entry
Canadian online census violates privacy
On May 16, 2006, Canadians will do their 5-year census. There is an option to fill it out online.
According to:
http://www50.statcan.ca/census2006/settings_1-0_e.htm#
You need to have one of:
Internet Explorer 7.0 Internet Explorer 6.0 Internet Explorer 5.5 Internet Explorer 5.01 Netscape Navigator 7.0 or higher Firefox 1.0.4 Mozilla 1.7.8 Safari 1.2.4 with webkit 125.5.7
This is because:
Notice: You must have a browser with Java virtual machine (JVM) from Sun Microsystems Inc. (Version 1.4.2_3 or higher), Microsoft virtual machine (any version), or Apple JVM (1.4.2_5 or higher) that supports 128-bit encryption.
Now if there is one thing everyone should have learnt --- client side Java is not a way to deal with private information.
If I were doing an online census, I would require the opposite: that you have Java, Javascript and ActiveX disabled when you fill out the forms. While there is no practical or theoretical way to be sure that there are no key-loggers running as a Windows BackOrifice service, at least one can be sure that there are no trivial ones living in the web browser.
I intend to bring this up with the Chief Statistician.
posted at: 02:40 | path: /oss | permanent link to this entry
Tue, 02 May 2006
A big problem for anything that manages many systems is keeping the systems working. A company recently put out something that I think is basically a GPL'ed syslogd for windows. http://www.loglogic.com/logforge/ It looks like hey are thinking about syslog, and mention "TCP syslog".
(A joke... you can't use the same port. syslog is UDP port 514, while TCP port 514 is... rlogin! That was a surprise one day in firewall land, a decade ago)
TCP syslog is not perfect --- the problem is that you want reliability, but you need to not slow the machines down due to network congestion. That calls, really, for SCTP.
For now, I stick to UDP, and use IPsec to keep it private, if available.
I've long pointed the syslogd on my Unix machines to one machine, usually my desktop, and arrange for my desktop to show them on my screen. Okay, when I'm not plugged in at that IP, I don't see suff.
It used to be that you could run xconsole or xterm -C, and you'd get the /dev/console stolen to that pty. This doesn't work as well anymore, but one can now use:
xconsole -file /dev/xconsole -geometry 1000x30+0+1 -font 5x7 -fg green -bg black -name Console
along with the default entries in /etc/syslog.conf:
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.crit;news.err;news.notice;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole
Note that xconsole's geometry is in pixels, vs xterm's which is in characters.
Don't forget to edit /etc/init.d/sysklogd to set
SYSLOGD="-r"
You'd expect to see an /etc/default/syslog file on Debian, but I don't.
The challenge now, is actually to get a better xconsole program-- one with a menu of some kind, and a way to interactively set filters, and have it show me logs with a given pattern, from a given host, etc.
posted at: 13:42 | path: /colo | permanent link to this entry
installing git/cogito on cygwin
go to http://sources.redhat.com/cygwin and install the cygwin system.
It runs a setup program that downloads core pieces that gives you bash, gcc, etc. under Windows. While you won't be compiling the code on your windows desktop/laptop, you may want to browse documents or code.
get and install cygwin (http://www.cygwin.com (http://www.cygwin.com/setup.exe)) when you are asked for the components make shure you install curl, curl-devel, openssl, make, gcc, openssh, cvs, openssl-devel, wget, zlib. Run the cygwin setup program a second time if you missed something.
wget http://kernel.org/pub/software/scm/cogito/cogito-0.17.2.tar.gz wget http://kernel.org/pub/software/scm/git/git-1.3.1.tar.gz zcat git-1.3.1.tar.gz | tar xf - cd git-1.3.1 make make install cd .. zcat cogito-0.17.2.tar.gz | tar xf - cd cogito-0.17.2 make make install ssh-keygen cat .ssh/id_rsa.pub
The key that is displayed should be copied your server.
posted at: 05:13 | path: /howto | permanent link to this entry
Mon, 01 May 2006
My blog doesn't work with the additional options. I.e. you can visit it at: http://www.sandelman.ca/mcr/blog/ but, you can't get the RSS feed at: http://www.sandelman.ca/mcr/blog/index.rss. This seems to be a problem with AcceptPathInfo, which I haven't figured out.
http://httpd.apache.org/docs/2.2/mod/core.html#acceptpathinfo
In discussing this, I was told I am to run "vimblog", care of: http://www.jukie.net/~bart/blog/ and http://www.dmo.ca/blog/.
AHA. I had done:
> ScriptAlias /mcr/blog/ "/home/mcr/cgi-bin/blosxom.cgi" > AcceptPathInfo on
which doesn't quite work, because the mcr/blog gets spell checked to mcr/blog/, which no longer has a path part to look at.
ScriptAlias /mcr/blog "/home/mcr/cgi-bin/blosxom.cgi"
AcceptPathInfo on
Does the right thing.
posted at: 17:07 | path: /blog | permanent link to this entry
Thu, 27 Apr 2006
For some time I have run an open source friendly co-location facility in downtown Ottawa. We depended upon SDSL lines to connect us to local ISPs that also have facilities in the downtown area.
We have decided for a number of reasons not to continue as a group. There is a business case for continuing, but we are unable to commit the time required to make it work.
There are still some customers, including ourselves, that we need to deal with, and want space. We were about to move equipment into a 19" rack at Cooperix, and so I started investigating renting a cabinet somewhere.
I have decided that I will rent some cabinet space from Storm, in their Courtwood facility. http://ox.ca/eu
It's not far from my house, and we seem to have a good relationship with Storm. They have made it through some growing pains that they had two years ago, and seem far more stable than they were before. I will have 10Mb/s (likely burstable to 100Mb/s) service, and there will be a 30GB/month cap (at which point, we will have to discuss things).
I will have the following things in the cabinet:
router/firewall
primary and secondary DNS server
mailing list server/mail relay
serial console server
VPN/IPsec/OE gateway
Prices will be as follows:
$125/month for 1U server, including serial console.
$150/month for 2U server, including serial console.
$175/month for 3U server, including serial console.
Existing customers will be grandfathered at their current rate and server size for 1 year. For a very short period (until June 30), tower cases from existing customers will be transported to the new location, if you can not arrange to switch them to a rack-mount case in time.
The same IP address space will be used.
Customers who do not want to move will be credited on a pro-rated based upon April 1 termination.
As storm is also an ISP at Cooper Street, we will actually be able to transition easily, adding host routes as each system is moved. I expect the first date on which we can move things to be May 15, and the last date to be June 16.
posted at: 19:24 | path: /colo | permanent link to this entry
Mon, 24 Apr 2006
http://www.sandelman.ca/mcr/hotels/yyz-1kingwest.txt
In the end it turned out that Paul had a friend of a friend that actually did the network wiring for the hotel.
He came by after Paul sent some SMS and actually sorted out our inability to have an airport (with a second layer of NAT) or a switch attached to the hotel network.
Things worked better but the mtr was still broken.
posted at: 18:50 | path: /wifi | permanent link to this entry
Sun, 23 Apr 2006
http://righttocreate.blogspot.com/2006/04/model-railroading-patents-update.htm
This was forwarded to me, and I found it interesting.
I gather, because I didn't read all the links, that there is some program that let's you control model trains with a computer.
I'll tell you what got me into computers: wanting to do exactly that. I was perhaps 8 or 9. I had a model railroad. I saw an issue of Model Railroader where they had a TRASH-80 as the block controller for a large model railroad. That was cool.
http://www.modelrailroader.com has back issue index. Hmm. Net is too slow to bother with their http://trains.com login, etc.
The pages are like: http://index.mrmag.com/tm.exe?opt=I&MAG=MR&MO=0&YR=1979
The site is frustratingly slow. What do you expect for "tm.exe", clearly this Windows 'server' box isn't optimized for "server" applications.
I looked through 1978,1979, and 1980. I didn't find what I was looking for. It was a big, perhaps Chicago based club that had this.
Sheesh, the MIT Tech-Model railroad club ought to have tons of prior art. Question is: did they actually publish something.
posted at: 00:34 | path: /legal | permanent link to this entry
Sat, 22 Apr 2006
http://www.sandelman.ca/mcr/hotels/via-yowyyz.txt
This is on-train wifi service. Cost was $8.95 CDN for 24 hours, or $3.99 for 15 minutes, plus $0.30/minute. Or $49.95 for a month.
marajade-[~] mcr 1075 %iwconfig eth1 eth1 IEEE 802.11-DS ESSID:"opti-3464" Nickname:"HERMES I"
Mode:Managed Frequency:2.437 GHz Access Point: 00:04:E2:81:E8:0B Bit Rate:11 Mb/s Tx-Power=15 dBm Sensitivity:1/3 Retry limit:4 RTS thr:off Fragment thr:off Power Management:off Link Quality=64/92 Signal level=-32 dBm Noise level=-97 dBm Rx invalid nwid:0 Rx invalid crypt:59 Rx invalid frag:69 Tx excessive retries:0 Invalid misc:0 Missed beacon:0
marajade-[~] mcr 1076 %ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:E0:63:81:F7:D7
inet addr:192.168.133.101 Bcast:192.168.133.255 Mask:255.255.255.0
- inet6 addr: fe80::2e0:63ff:fe81:f7d7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5785 errors:0 dropped:0 overruns:0 frame:0 TX packets:9433 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1311202 (1.2 MiB) TX bytes:1425900 (1.3 MiB) Interrupt:3 Base address:0x100
marajade-[~] mcr 1057 %mtr -r lox HOST: marajade.sandelman.ca Loss% Snt Last Avg Best Wrst StDev
- 192.168.133.1 0.0% 10 2.5 3.6 2.2 9.3 2.3
- 10.0.15.1 0.0% 10 457.0 506.1 297.0 724.6 137.4
- link1.parsons.com 0.0% 10 446.8 583.1 279.5 943.2 210.6
- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
- 500.Serial5-10.GW11.DFW9.ALT 0.0% 10 671.9 620.0 388.8 926.8 166.2
- 0.so-3-0-0.XT1.DFW9.ALTER.NE 10.0% 10 610.2 765.5 377.3 1575. 367.3
- 0.so-7-0-0.XL1.TOR3.ALTER.NE 10.0% 10 426.5 681.1 420.5 1024. 228.3
- POS1-0.XR1.TOR3.ALTER.NET 10.0% 10 549.5 739.0 397.0 1423. 307.4
- 195.ATM7-0.GW2.OTT1.ALTER.NE 10.0% 10 720.0 679.8 439.5 901.3 163.1 10. albarrie-gw.customer.alter.n 10.0% 10 615.8 700.1 488.7 841.7 133.6 11. core1.travel-net.com 11.1% 9 706.9 780.2 446.4 1197. 224.0 12. travelnet.sandelman.ottawa.o 11.1% 9 981.1 859.3 669.5 981.1 107.0 13. lox.sandelman.ca 11.1% 9 911.0 885.8 638.0 1082. 164.8 marajade-[~] mcr 1058 %
marajade-[~] mcr 1077 %whatsmyip 206.219.197.100 48643 22
marajade-[~] mcr 1078 %host localhost.com localhost.com has address 10.11.12.13
POPUP window is named:
http://www.localhost.com/signout.cgi
posted at: 14:52 | path: /wifi | permanent link to this entry
I had to change the defun muse-blosxom-new-entry, to remove the precision from the time format, getting:
(insert "#date " (format-time-string "%Y-%m-%d-%H-%M")
My bet is that this is a Xemacs v21 bug/limitation.
I installed by blosxom with ScriptAlias, pointing it directly at the CGI that I wanted run with:
ScriptAlias /mcr/blog/ "/home/mcr/cgi-bin/blosxom.cgi"
but, this fails if you append additional information to the URL, i.e. you do:
this is obviously a bug in my Apache configuration. I know that this is possible. I don't want to expose the cgi/etc. part of the path to google and archives, because that would prevent me from changing to another blog method.
posted at: 13:45 | path: /blog | permanent link to this entry
To: Customer_Relations.VIA@viarail.ca
I used wifi for the first time via your parsons.com and opti-fi.ca service on my trip from Ottawa to Toronto.
I never did get why you trialed things on the Toronto/Montreal trains, as Ottawa is where high tech is. I also want to let you know that I would have taken the overnight service from Ottawa to Toronto on this trip had you ever bothered to make the stop in Ottawa as you promised to. (I DO want to get to Ottawa 6am. It means that I don't lose a day to travel, and I don't have to leave Toronto at 5:30pm, and I don't arrive home tired)
I very much hope you consider equipping ALL of your trains with wifi, including the Montreal/Halifax run. That would be a big incentive for me to take that train, although a better connection to Fredericton is probably the major limiting factor.
Your provider needs to offer WEP/WPA service. Not for privacy --- WEP and WPA is trivially cracked, but for authentication. The web portal mess is just that --- a mess. It won't work from my wifi phone, or my wifi instant messaging appliance (it's PDA sized).
Your price is okay, but not great. I had to think about $8.95. Is it worth it. At $5.99, it's a no-brainer. Particularly since the network connection is slow.
The network connection also emerges from whatever radio/satellite system you have in Dallas Fort-Worth. This concerns me as the United States has very much different laws as to copyright than Canada. Keep my data in Canada if it is in Canada. Perhaps Ontario Hydro can help with transit across Ontario. This is important to me, and I'm willing to pay $1 more for this.
I do not in general like the web portal mess. I would prefer that my laptop just noticed that it was WPA, picked the right password and authenticated when it booted. My 802.11 phone can also do this, but it doesn't have a browser.
I am willing to use it for the initial sign on, at which point I would prefer to buy blocks of hours. I.e. $50 for 50 hours, valid for up at least 1 year.
(At 5 hours per Ottawa/Toronto trip, that's 5 round trips/year). You might just want to make this a perk at the Prestige or Premier VIA-preference level. I would also be very happy to redeem VIA-preference points for this.
Again, you need more bandwidth.
posted at: 12:58 | path: /travel | permanent link to this entry
I finally found a reasonable blogging system that I am willing to use. This uses Xemacs with "MuseMode" to either publish my entries as .HTML, or .RDF files, or it seems that I can export in blosxom format.
http://www.blosxom.com is a neat little perl CGI that seems to have all the properties I want: stores blog entries in flat files, and doesn't screw around much. I would already be running it if it was in NetBSD pkgsrc.
As it is, I guess I have to download it and install it on lox, which is hard to do from the train, as the wifi on the train is slow.
Well, maybe I should stop using an xterm to lox, and just stick to ssh.
The muse-blosxom-new-entry initialized the buffer, but it left the #date entry set to: 4Y-2m-2d-2H-2M. I think it was supposed to expand it?
posted at: 12:50 | path: /blog | permanent link to this entry
