30 December 2006

superhero/supervillain quiz

There's a pretty cool quiz at http://www.thesuperheroquiz.com/ which tells you which superhero you most resemble. I turned out to be the Hulk (70% likeness). This puzzled me until I remembered answering "all the way YES" to "do you anger quickly/easily?".

After you take that quiz, there's a link to find out which supervillain you most resemble. Looks like I have an 86% correspondence to Dr. Doom: "Blessed with smarts and power but burdened by vanity." (That latter part might sting if it were less accurate.)

28 December 2006

gmail backup

Today there was a report of some data loss for 60 gmail users. They lost all their mail, their address books, etc. Lame.

This prompted me to look into methods of backing up my gmail account. Looks like it's a simple as changing a gmail setting (enabling POP3) and setting up a POP3 account in your favorite mailer (Thunderbird, Outlook, ...). It's a straightforward procedure. It takes a while to download all your mail the first time, and thereafter it just downloads new messages. It probably wouldn't allow a user to restore a mangled gmail account, but it would at least provide an external backup of all the messages. Unfortunately, it doesn't look like this process preserves message labels.

And it looks like you can export your address book, too: click 'contacts' (left-hand panel) and then click 'export' in the upper-right.

18 December 2006

vmmouse for Linux VMWare guest

I decided to give Ubuntu a try to see what all the fuss is about. But I wasn't ready to install it on my laptop (I'm in the middle of a project in which I rely quite a bit on the laptop), so I decided to try Ubuntu in VMWare server on my desktop. Ubuntu installed OK, but the mouse didn't work well: I had to click in the VMWare window to make the mouse work in Ubuntu, and then I had to press Ctrl-Alt for VMWare to release the mouse (to use it anywhere outside the VMWare window). It was doing this even after I installed VMWare-tools.

That's a real drag, all the more so since that doesn't happen when running Windows XP in VMWare (the mouse 'just works': you can just roll the cursor in and out of the VMWare window and it works as it should).

The trick is to install the 'vmmouse' driver (which comes with VMWare-tools) in X.org in the Linux guest. (This solution comes mostly from a post by 'zaroff' on the Ubuntu Forums.)

After installing Linux in VMWare server, click VM->Install VMWare Tools... on the VMWare menu. This makes Linux think you've just mounted a CD with a couple of files on it (the 'CD' will probably show up on the desktop). Unpack the .tar.gz file, cd into the vmware-tools-distrib directory, and run the vmware-install.pl installer.

When I did this, I found that when the installer re-wrote /etc/X11/xorg.conf, it didn't put in a DefaultDepth directive in the "Screen" section, and I had to add a DefaultDepth 24 line to that section.

Next you need to install the vmmouse driver. A good start is to run the following inside the vmware-tools-distrib directory:
find . -type f -name 'vmmouse*'

You need to copy the correct vmmouse driver (depending on what version of X.org your Linux guest is running) into the X.org input modules directory. For an Ubuntu 6.10 Linux guest, I needed to copy the XOrg/7.0/vmmouse_drv.so to /usr/lib/xorg/modules/input. (A friend was having the same trouble running a CentOS 4.4 guest: he needed to copy XOrg/6.8.x/vmmouse_drv.o to /usr/X11R6/lib/modules/input/.)

Next you need to make 2 changes to /etc/X11/xorg.conf:
  1. add Load "vmmouse" to the "Module" section
  2. change Driver "mouse" to Driver "vmmouse" in the "InputDevice" section
Then restart X (or reboot).

Fedora Legacy Project Closing

I maintain several front-line servers (exposed to the Internet) which have run Fedora Core 3 (FC3) for a couple of years, and I have relied on the Fedora Legacy Project to provide security updates for those servers. The Fedora Legacy Project is a community project providing security updates to versions of Fedora and Red Hat which are no longer supported by Red Hat.

The project has gone above and beyond, and I'm grateful for their efforts.

Last Tuesday (12 December 2006) they quietly announced that they will no longer be providing updates for FC3, FC4, or any other damn thing. I say 'quietly', because I didn't hear about for nearly a week. I don't think it made digg, Slashdot, or any of the other technology-related Web sites that actually have RSS feeds. I'm not upset that they ended support--I'm happy that I was able to run that Linux distribution (especially one as volatile as Fedora) for as long as I did. But for the support to dry up with no warning (at least, I didn't see it coming), and for me to get that news less than a week before the holiday break at my work, really sucks out loud. Now I have to bust my hump to install a operating system with some measure of support on all those servers before Friday.

Thanks for all the advance notice! Happy freakin' holidays!!!!!

17 December 2006

Downloading YouTube ...

Saw this yesterday and thought it was cool. The All-In-One Video Bookmarklet lets you download videos from YouTube, Google Video, and a number of other Web sites. You save the bookmarklet (go to the above link, and then on that page right-click on the All-In-One Video Bookmarklet link and pick the bookmarking option), go to the Web page of a YouTube/Google/whatever video you want to save, and then hit the bookmark. You'll get a page which allows you to download the movie in one or more formats.

If you want to try this out, here's a link to a short and funny video about a cat with depth perception problems (remember that you'll have to go save the bookmarklet first). That video makes me laugh out loud every single time (I think it's the sound that really does it for me).


For months I've been reading about these new passports. And for months I've been meaning to go get a passport, in hopes of getting the old kind. I'm probably already too late.

The new passports have RFID chips in them. RFID stands for radio frequency identifier. An RFID chip is a small device which transmits short-range signals which uniquely identify the transmitter. This sort of thing has been used for years for stuff like electronic toll collection systems. You have an RFID transmitter in your car so that you can roll through the toll booth without stopping to pay. The toll booth electronically records your passage, and you get billed later.

Unfortunately, RFID raises all kinds of security and privacy concerns. RFID tags are useful, because they can be read so easily. No physical connection (like swiping a credit card or ID badge) is required: proximity is sufficient for an information exchange. But this means the information can be collected by someone other than the intended recipient. It's been shown over and over again that information stored in RFID tags can be read surrepticiously with inexpensive, off-the-shelf equipment. A recent example involves RFID chips in sneakers.

And now they're putting these things in passports, and the same kinds of remote information retrieval have been demonstrated. Government agencies implementing these technologies say that it's safe. But what else are they going to say? They've invested a lot of money in these systems, so they're not necessarily objective or fothcoming.

One of the things in my job that really annoys me is the "Ooooh, shiny!" mentality: people see something new, and they want it just because they thing it's cool, not necessarily because it's a good idea. This is the feeling I get about RFID in passports. I think people are jumping on a bandwagon without taking the time and effort to do reasonable risk analysis.

A number of interesting RFID countermeasures have surfaced:
Bruce Schneier has a good write-up about the new passports.

10 December 2006

Maritime movies: eating and crashing

A couple of interesting posts made it to digg.com homepage overnight. One concerns a company which makes tables for boats. These 'capstan' tables are expandable, like a rectangular table which can be enlarged by adding leaves. But these tables are round, and they get bigger or smaller just by rotating them. Check out the movie clips. (Here's the digg post w/ comments.)

The second clip shows an accident in which a boat crashes into a bridge (apparently no one was hurt). This is a moving bridge--I saw one of these at OSCON in Portland. This one isn't a drawbridge, but a 'lift' bridge: the motorway lifts straight up using cables and pulleys, leaving room for the ship to pass underneath. When watching the video, pay close attention to the bridge at the beginning of the clip. (Here's the digg post w/ comments.)

09 December 2006

interesting pictures

I took a couple of weird pictures recently.

The other day I was about to leave my apartment for work, and I saw this just outside my door. The faucet was dripping, and it made a cool-looking ice stalagmite:
ice stalagmite

And the other night I was throwing away a beer bottle (yes, I'm destroying the environment--talk to my state legislature), and it made a funny sound when it landed. When I looked at the trash can, I saw that the bottle had landed on the edge, and the bottle's tip had come to rest on the table. I thought about computing the odds against this, but then decided just to go get another beer.
beer bottle balanced on trash can

I'm in Dilbert

A co-worker referred me to the 22 November 2006 Dilbert cartoon, and I thought it was pretty funny.

03 December 2006

Yahoo TV Completely Ruined

I've used Yahoo TV listings for years. They changed it the other day, and the new version is utter crap. It used to be simple and fast. Here are a few of my more vitriolic gripes:
  1. the page loads a little bit at a time as the user scrolls down the page: so browser searches don't work, and it's very slow
  2. you can only browse in 3-hour increments: if a show starts prior to the current 3-hour block, you can see that something is showing, but you can't see what it is
  3. it doesn't remember that I only want to see my favorite channels: it defaults to showing every channel offered by my cable provider
Two digg posts about this have made it to the front page, and there's a post on Yahoo's blog about the change. The comments on all three of these are overwhelmingly critical:
I'm really hoping they'll change it back (or at least make it suck less). I admit to being generally inflexible: I typically don't like change under the best of circumstances. But this is pretty disappointing. There are several other sites offering online TV listings. Guess I'll switch to whichever one pisses me off the least.

11 November 2006

Lockpicking Guide

Locksport International (LSI) has created a pretty interesting guide to lockpicking. It talks about the techniques of picking locks and how to make the tools:

LSI Lockpicking Guide (HTML)

LSI Lockpicking Guide (PDF)

There's also lockpicking101.com, a set of forums about lockpicking.

10 November 2006

248 ways to annoy people

I thought this was pretty funny:


#216 is my favorite, with #185 a close second.

03 November 2006

Interview w/ Slackware's Patrick Volkerding

I used the Slackware distribution of GNU/Linux for several years. It was my first distribution, and I think it's a really interesting project. That distribution's creator, Patrick Volkerding, recently sat for a 90-minute interview with the Linux Link Tech Show (direct MP3 download). I'd never heard his voice before. It's a good way to waste an hour-and-a-half.

Griffith Observatory Reopens

Looks like the Griffith Observatory reopened today after a $93 million four-year renovation and expansion project. It was closed during my visit to LA a few months ago, which was disappointing. Oh, well. Maybe next time.

28 October 2006

Perils of e-Democracy

The following article details some of the hazards of electronic voting. It's somewhat long, but it's very interesting (and a bit frightening):

How to steal an election by hacking the vote

I especially like the default password of '1111' on the voting machines, and the fact that this is probably still the password on a large number of these machines. And the fact that the same key (the same little chunk of metal) will access the memory card on every single machine.

22 October 2006

20 Worst Video Games of All Time

The following article lists what the author things are the 20 worst video games ever...


And the reason I think this is blogworthy? I had a copy of the #1 game as a kid. Yeah, it sucked.

04 October 2006

Season 3 premiere of Lost

I watched the season 3 premiere of Lost tonight.

I bought season 1 on DVD a little over a year ago having never before watched the show. I was hooked after about 2 episodes. But by the time I finished watching season 1, season 2 had already started. I didn't want to come into the season partway, so I just didn't watch season 2 until I bought that on DVD about a month ago.

So tonight was the first time I'd watched Lost in prime time. I gained two pieces of insight from the experience:
  1. Lost rocks
  2. commercials suck
I'm just hoping that season 3 of Lost is better than season 3 of Alias.

13 September 2006

*NIX directory listing into MSExcel

Today a co-worker asked me to help him prepare a report of email accounts on a Linux box running postfix. He wanted a list of the inboxes, their sizes, and their dates of modification. He wanted it in a text file that he could import into a spreadsheet program. After some experimenting, we came up with the following:

ls -lt --time-style=long-iso /var/mail/
| grep -v ^total
| awk '{ print $5 "," $6 , $7 "," $8 }'
| sed -re 's/$/\r/'
> /tmp/mail_list.csv

The -lt argument to ls gives the long listing and sorts by modification date (in descending order), and the --time-style=long-iso argument ensures that the timestamp format is uniform for all files (without it, you might get one timestamp format for files younger than about 6 months and a different format for older files).

The slash at the end of /var/mail/ is also important, as /var/mail is often a symlink to /var/spool/mail/, and ls -l /var/mail lists the symlink rather than the contents of the referenced directory.

ls -l of a directory typically produces a line resembling total NNNN (where NNNN is some integer) at the beginning of the output, so the grep -v ^total filters out any line starting with 'total'.

The awk command pulls out the 5th, 6th, 7th, and 8th columns of the space-separated text and formats the output as CSV (comma-separated variable). A couple of lines of output might look like this:

41951950,2006-09-13 05:29,root
723,2006-06-13 14:37,martinez

The sed filter inserts a carriage return character (\r) in front of each newline, giving the text DOS line termination (saves us the extra step of running unix2dos on the output file).

Finally, the output is redirected to a file which can be downloaded via an SFTP client and then opened in MSExcel by simply double-clicking on the downloaded file.

12 September 2006

Unholy Version Control

Not long after lunch today my Subversion repository hit revision number 666.

My first instinct was to draw a pentagram on my computer monitor in goat's blood. It then occurred to me that I had neither a readily-available supply of goat's blood nor the means to acquire any.

It also occurred to me that drawing a pentagram on my monitor in goat's blood might make it difficult to use my computer and that my employers might find the whole thing somewhat difficult to understand.

So I just pushed along to #667.

11 September 2006

_Lost_ season 2

Last night I finished watching Lost season 2 (I bought it on DVD last week). Wow. Can't wait for season 3 to start (looks like that's on 4 October).

_Manhunt..._ by James L. Swanson

The other day I finished reading a really good book called ManHunt: the 12-Day Chase for Lincoln's Killer by James L. Swanson. I never knew (or didn't remember) that Booth wasn't acting alone: he was the ringleader of a larger conspiracy whose original plan was actually to kidnap Lincoln and take him into the Confederacy. Then when Lee surrendered at Appomatox, Booth and his co-conspirators changed their plans and created a scheme to kill not just the President, but also Vice President Johnson and Secretary of State Seward--all on the same night. In fact, General Grant was supposed to be attending the play that night in the same box as the Lincolns. If Grant hadn't changed his plans, he might have been there when Booth attacked.

It was a fascinating book. It appears to have been very well researched, and the author has a gift for narrative prose (this is coming from a reader who typically has trouble being interested in reading historical accounts).

06 September 2006

02 September 2006

LA trip

I went on vacation with friends to LA about a month ago. It was a fun trip. I flew out with L, K, A, and M on Saturday 5 August to LAX. We rented a car and drove to Valencia, where we met H and R.

I've uploaded some of my pictures from the trip to a Flickr set.

We went into Hollywood on Sunday and walked up and down Hollywood Boulevard. It was pretty cool seeing the stars on the sidewalk. I especially enjoyed the Kodak and Grauman Theatres.

Hollywood Boulevard

We ate at the Wolfgang Puck restaurant (Vert) in the Kodak Theatre. If you get the chance, try the chicken salad.

On Monday, K, L, A, and M went to Six Flags (Magic Mountain), and H, R, and I took a day trip. This was probably my favorite part of the vacation. It was very relaxing and beautiful. We had lunch at a little French restaurant in Ojai, and then we stopped and took a few pictures of the lake at Ojai. Then we went to Santa Barbara and spent an hour or so on the beach. Santa Barbara is really pretty, and I think I'd like to go back and spend some more time there. We also walked around in Ventura for a couple of hours before heading back to Valencia. That night, H, R, L, A, and I had dinner at a great place in Valencia called BJs. They have really good beer.
the lake at Ojai
the Santa Barbara beach

We spent Tuesday at Universal Studios. My favorite part was the Waterworld show. I hadn't seen the movie, because I'd heard it was pretty bad, but the live show was awesome. (I've since watched the film. Wow, it's really terrible.) I don't usually do roller coasters (translation: never), but L convinced me to ride the Mummy. It's an indoor coaster, and it was pretty fun (except that the woman sitting next to me desperately needed a shower, and she kept elbowing me in the face). We rode it twice and got pictures. We took the studio tour, and that was very cool. It was neat seeing the outdoor sets that I've probably seen in scores of movies and TV shows. That's an impressive amusement park--it's really huge.

Wednesday we moved from Valencia to Santa Monica, and we drove out to Burbank to see a taping of "The Tonight Show." That was really interesting to me. They filmed it in real time, so the whole thing just took an hour or so. The band (with Kevin Eubanks) played during the commercial breaks. I was amazed at how small the set is. They really make it seem much bigger on the show. Mariska Hargitay was supposed to be the first guest that day, but she cancelled due to a family emergency. I hadn't heard of the guests who did appear: a rather forgetable actress, a very forgetable musical guest, and an interesting fellow named Travis Pastrana, who did a double backflip on a motorbike at the X Games.

Thursday we just hung out on the the beach, lounged around at the hotel, and checked out the Santa Monica pier. That night we ate a delicious meal at
Sushi Roku at Santa Monica and Ocean.
Santa Monica beach at twilight

Friday we drove from LA to Vegas. We'd planned to fly, but that was just a day or so after the terrorist scare. None of us wanted to deal with airport security, and it was just a four-hour drive, so we braved the heat and headed into the desert. It wasn't what I expected. I guess I was expecting the Sahara with nothing but sand and dunes, but there were plants and mountains. It was really quite beautiful. We stayed at the Golden Nugget that night. E and D met us there, and it was really great seeing them. That night we walked around on Fremont Street and saw the light show.
desert near Las Vegas

Then Saturday A, H, and I flew home. We expected trouble at the airport (because of increased security measures), but it was no big deal. I think M said it was less than 30 minutes between our arrival at the airport and getting through security.

28 August 2006


Just had a nightmare. I don't remember much, but I remember that there was a woman, and she was some sort of time paradox. If I were to encounter her, it would somehow erase my own history--I'd never have existed.

I woke up, and she was standing in my room, talking to me.

That's when I actually woke up, because I think I was moaning and crying out.

What do you do when even your nightmares are stupid?

26 August 2006

Defeating locks by 'bumping'

This is probably one of the most interesting things I've read in a while. It's about defeating consumer-grade locks with a method called 'bumping', which I guess is somewhat similar to picking, but supposedly faster and more reliable. Assuming the accuracy of the article, it's scary how easily these locks can be nondestructively defeated.


At any rate, I learned a lot about how locks work.

28 July 2006

OSCON day 5

Short day today (just two morning sessions after the keynotes). Damian Conway gave a very funny keynote about patents. He's a really good speaker.

My first session was "Extreme Perl Makeover" by Peter Scott. This was another 'best practices'-type talk. The speaker suggested a couple of useful-sounding Perl modules: Text::Outdent sounds good for doing HERE documents without having to move them over into column 1, and Inline::Files lets you have several separate data sections after __END__.

Next was "Perl Hacks You Never Knew Existed" by chromatic. Just about everything he said went right over my head. But his talk got me interested in the Attribute::Handlers and Attribute::Method modules, which implement the subroutine attributes that I've seen in Catalyst and Class::Std. I managed to overcome the urge to get chromatic to sign my new copy of Perl Testing: A Developer's Notebook.

27 July 2006

OSCON day 4

One of this morning's keynote speaker was a fellow named Jason Scott. He made a documentary about the online bulletin board systems of the 1980s. His Web site is www.textfiles.com.

Some pretty cool sessions today. The first was "Subversion Best Practices" by Ben Collins-Sussman and Brian Fitzpatrick (both from google). A lot of what they said I'd gotten from the documentation. But they talked about a couple of features I hadn't heard of: autoversioning and autoprops. And they described a neat trick involving making the document root of a Web site be a working copy of a project, with a hook such that the working copy is updated whenever there's a change in the repository.

Next was "Low-Maintenance Perl" by Perrin Harkins. Most of his talk was along the lines of "don't do this in your code". Most of the things he discouraged were things I hadn't heard of or knew to be generally 'bad'. So that was somewhat encouraging. Damian Conway and Larry Wall were both in the audience--if this made the speaker nervous, he didn't show it.

After lunch (which was provided by OSCON [Aramark]), I went to "SQL Outer Joins for Fun and Profit" by Bill Karwin. He solved several interesting problems with outer joins. He used a syntax that I hadn't really seen before: he put row-elimination statements in the ON clause, stuff I'd only ever seen in WHERE clauses. He pointed out that the WHERE clause isn't evaluated until after the join, so it's often quite beneficial to eliminate rows in the ON clause (fewer Cartesian products that way).

Next was "Writing Maintainable Code with PHP" by Laura Thomson from OmniTI. I actually found her point of view a little puzzling. She said that, in general, she doesn't like frameworks, database abstraction layers, or templating engines. As I've come to rely pretty heavily on the latter two and am interested in starting to use the former (I have yet to find a PHP framework that I don't hate), I have trouble understanding how code which doesn't use any of those components is more maintainable than code which does delegate those tasks. But overall I thought it was a good talk, and she made lots of good arguments for creating a set of coding guidelines for your organization (how variables are named, how code is indented, documentation templates, lots of other stuff).

Then there was "Understanding ZFramework" by John Coggeshall. I confess that I sort of zoned out after I learned that the Zend Framework requires PHP 5 (I'm kind of stuck with PHP 4). However, it looks like ZF has a nice input validation component written by Chris Schiflett.

Finally, I went to "The Conway Channel 2006" with Damian Conway. He talked about a couple of modules he's been working on: List::Maker and Contextual::Return. C::R looks particularly cool. It does what wantarray() does, but also distinguishes between the different possibilities in scalar context (a string, a number, a hashref, an undef, etc). The module has lots of neat features and is very flexible.

Powell's bookstore was one of the exhibitors/vendors, and they were offering a 35% discount. So I bought a copy of Perl Testing: A Developer's Notebook. It's ordinarily around $30, and I got it for around $20.

And I talked to my high school buddy for around an hour. Sure enough, he's getting married. It was really good talking to him. I hope I'll be able to go to the wedding.

26 July 2006

OSCON day 3

Started the day by learning that my workstation at work probably has a bad hard drive. When my officemate rebooted it, he saw those two magic words...

kernel panic

Oh, well. I've (probably) got good backups.

I attended several sessions today. The first was about compiling a kernel to improve speed (only the drivers you need) and security (so a cracker can't load kernel modules--the speaker advocated a monolithic kernel, if possible). The speaker (Steve Suehring) mentioned a security-related patch called grsecurity, which sounds interesting. I wonder how it compares to the openwall kernel patch (hmmm, guess that's just for 2.4).

Next was "Maximum Netfilter" by Michael Rash of Solirix. He talked about several netfilter-related programs. fwknop does something called single-packet authentication, which is a more secure (albeit less convenient) version of port-knocking.

Then I went to "The Madness of AJAX" by Andrew van der Stock (it was about AJAX security). That was actually a little scary. Not because of anything that I've coded or something a co-worker has coded (I don't feel the need to run home and rewrite a bunch of AJAX), but the speaker did several demonstrations which were just spooky. Looks like several of the PHP AJAX toolkits have significant input validation problems, which are a little too reminiscent of register_globals. I'd like to buy a book on the subject, but there don't really seem to be any books on AJAX security (too new, I guess).

I finished out the day by attending the Perl lightening talks (a bunch of 5-minute presentations). It was sort of a strange potluck, punctuated by a rather bizarre performace called "A Perl module installation in 5 unnatural acts". But it gave me a few things I'll want to read about later: App::Ack (source code searches), Perl::Critic ('use strict' on methamphentimines), and stubmail.com (a re-implementation of SMTP by the SPF guy).

And I got voicemail from an old high school buddy of mine. Haven't heard from him in nearly 5 years. I suspect that he's renewing contact to send me a wedding invitation (good for him, if that's the case [good for him, in any case]). Maybe we'll be able to stay in touch this time.


Another couple of tutorials today. The first was "Advanced Perl DBI" by Tim Bunce. He showed up 15 minutes late, which was fairly annoying. But it was otherwise a good session. I learned lots of interesting and useful things. For example, fetchrow_arrayref() is faster than fetchrow_hashref(). And not a little bit faster, but several times faster. I like the convenience of fetchrow_hashref(), so that I can reference column values by name, rather than array index. But I learned that I can get much the same effect (and much more efficiently) using fetchrow_arrayref() and bind_columns().

I also learned that the DBI has built-in profiling capabilities, and prepare_cached() can be used in place of global statement handles.

The afternoon session was about testing Web applications. Part of the tutorial was about Grinder, a free load-testing tool (apparently, most such tools cost obscene sums of money). It looks pretty hard to use, but might be helpful. But most of the session was about a unit-testing tool called Selenium, which is also free. By contrast, it looks pretty easy to use. I downloaded it and ran the default test suite in Firefox. Two of the tests failed: they dealt with popup windows, which Firefox blocks by default. I then disabled popup blocking and re-ran the suite, and all the tests passed. Pretty cool.

Looks like my workstation at work has gone crazy. The kernel thinks that all the filesystems are read-only. I can't even reboot the thing remotely--I'll have to get my officemate to do it manually tomorrow. I never had this problem with Slackware, but I've now seen it three times with RedHats (twice on Fedora and once on CentOS). I'm wondering if it's LVM. I've never actually really used LVM features (like resizing a partition), so maybe I should go back to normal partitions.

The restaurant here in the hotel has an amber ale on draft called Drop Top. It's yummy.

24 July 2006

OSCON day 1

I'm at OSCON this week. I flew here yesterday (without incident). There were at least three other OSCON'ers on the DFW->PDX flight. The goodies aren't as cool this year: the bag is a canvas tote (we got nifty backpacks last year), and there were no really fun toys inside. Oh, well. I registered early, so I got the _AJAX Hacks_ book.

The wireless access is pretty spotty. I remember it being more reliable last year. Maybe it'll improve as the week goes on. The internet connection in my hotel room didn't work yesterday afternoon, but it's good now (it's how I'm doing this).

My room is a lot smaller this year (which is fine). But it's a nice view--I can see Mt. Hood. We actually flew right past Mt. Hood on the way in yesterday (I was surprised by how close the plane flew to the mountain).

This morning's tutorial was MySQL optimization. It was very informative. The speaker took the approach of optimizing queries over server configuration tuning (although he talked about that, too). Lots of good information. Looks like there's a possible InnoDB replacement engine coming out later this year called Falcon--that's good news, in case Oracle changes the InnoDB licensing or something (that came up in a question this morning--the speaker [Jay Pipes] said that it's "business as usual" for two years).

This afternoon was 'Higher-Order Perl' by Mark-Jason Dominus. He's really funny. The first half of the talk was really good (lots of the second half went right over my head). He talked about iterators, which was very interesting (good alternative to File::Find). He started his talk (which he gave barefoot) by throwing two chairs off the podium.

13 June 2006

Perl's Class::Accessor

If you find yourself writing a Perl module for a class with a large number of attributes and a correspondingly large number of accessors and mutators ('getters' and 'setters'), you might want to try Class::Accessor. With Class::Accessor as a base class, your module can just declare its attributes, and Class::Accessor will generate all the accessors and mutators (and the constructor) automatically.

(Your Perl distribution may not include Class::Accessor, in which case you'd need to install it from CPAN.)

Here's an example of how you might use Class::Accessor:

package MyPerson;
use base qw/ Class::Accessor /;


Then in your Perl program:

use MyPerson;

my $person = MyPerson->new(
fname => 'Homer',
mname => 'Jay',
lname => 'Simpson',
birthdate => '1 January 1970',

my $birthdate = $person->birthdate(); # $birthdate is now '1 January 1970'
$person->address('742 Evergreen Terrace, Springfield'); # sets the address attribute

Note that you didn't have to explicitly write a constructor--your code just gives new() a hashref of the attributes you want to set.

You can now even use MyPerson as a base class. Another package can inherit from MyPerson and add its own attributes:

package MyCustomer;
use base qw/ MyPerson /;


The documentation for Class::Accessor is worth reading--it offers ways to declare read-only and write-only attributes (the former would only have accessors, and the latter would only have mutators).

04 June 2006

Lightswitches are evil

I really hate standard lightswitches.

Evidently, I have this irrational, deep-seated aversion to touching lightswitches. Dunno why. But when I want to turn one on or off, I just naturally swing at it with the intention of barely and briefly touching it with my fingertip.

Trouble is, I usually miss. Which angers me. So I swing at it again, only harder, to punish it for evading me. So, of course, I miss again, which angers me more. This continues until I typically end up hitting the lightswitch with a shoe or something.

If I had any sense, or if I were a normal person, I'd just calmly and sanely sweep my whole hand down (or up) over the lightswitch. But that apparently entails more physical contact than my neurosis can withstand.

Maybe I need one of these: http://www.gogglemarks.net/index.php?action=display&tag=fightswitch

28 May 2006

Recovering Grammer Snob

I just read June Casagrande's _Grammer Snobs Are Great Big Meanies_ (Penguin, 2006). It's a guide to avoiding common grammatical errors and to dealing with people who think they know more about the English language than they actually do.

The book is awesome: very helpful, and very, very funny. It's only about $14 retail, and worth every bit. I borrowed it from the library, but I'm going to buy a copy. (The book has a website at http://www.grammarsnobs.com/.)

Here are a few notes (to myself) that I jotted down while reading the book.

'correct' (perhaps not unanimously):
preventive (not preventative)
'entitled' for rights/privileges, 'titled' for the name of a book

The _Chicago Manual of Style_ (used for books) recommends using the Oxford comma. The _AP Stylebook_ (used for newspapers [and, arguably, blogs]) recommends omitting the Oxford comma. (The Oxford comma is the second comma in the following sentence: This blog is simultaneously pedagogical, pedantic, and pedestrian.)

Newspapers tend to use _Webster's New World College Dictionary_ (too bad for colleges of the old world), and books tend to use the _Merriam-Webster Collegiate Dictionary_.

A screed is a long discourse. And a cool word.

Use 'which' for nonrestrictve clauses, and 'that' for restrictive clauses:
  1. This blog, which has a silly and misleading title, will be useful and/or interesting to a very small number of readers (on a good day).
  2. The _Best of Blondie_ CD that I bought last night is really bitchin'.
'prurient' means interesting (even lurid). 'purient' (to my dismay) does not appear to be a word at all. (I blame dog food manufacturers.)

24 May 2006

Web 2.0 URLs w/ Apache

(Yes, the term 'Web 2.0' is ridiculously overhyped.)

Let's say you have a Web application which takes two optional GET variables v1 and v2. Let's assume that v1 is always an integer and that v2 is always a character string. We'll also assume that a DirectoryIndex index.php directive has been applied:


And let's say your application has an administrative interface in an 'admin' subdirectory:


Try putting the following in your Apache configuration (this assumes that mod_rewrite is enabled):

RewriteEngine on
RewriteBase /somedir
RewriteRule ^admin - [L]
RewriteRule ^(\d+)/([a-z]+)/?$ /somedir/index.php?v1=$1&v2=$2 [L]
RewriteRule ^([a-z]+)/(\d+)/?$ /somedir/index.php?v1=$2&v2=$1 [L]
RewriteRule ^(\d+)/?$ /somedir/index.php?v1=$1 [L]
RewriteRule ^([a-z]+)/?$ /somedir/index.php?v2=$1 [L]

(You could put this in an .htaccess file if your Apache configuration applies an AllowOverride FileInfo directive to this part of your content area.)

You application should now be accessible by any of the following URLs:


The first and second URLs should set both variables, the third URL should set v2 only, the fourth should set v1 only, and the fifth should set neither (the fifth URL should still run the application because of the DirectoryIndex index.php directive).

Of course, it doesn't have to be '27' and 'hello'--it can be '42' and 'foobar', or whatever.

And your admin interfaces should still be accessible as before (the dash in the 'admin' RewriteRule means 'no alteration').

In the example I've used PHP as the hypothetical Web application, but the language doesn't matter--this is all Apache magic. But if you want to test this with some PHP code, try this in index.php:

header('Content-type: text/plain');
$v1 = '';
$v2 = '';

if ( isset($_GET['v1']) && $_GET['v1'] ) {
$v1 = $_GET['v1'];
printf("v1 is %s\n", $_GET['v1']);
else {
printf("v1 not set\n");

if ( isset($_GET['v2']) && $_GET['v2'] ) {
$v2 = $_GET['v2'];
printf("v2 is %s\n", $_GET['v2']);
else {
printf("v2 not set\n");

_X-Men: The Last Stand_

I got to see a preview screening of the new X-Men movie last night. It was awesome. Overall I think I enjoyed the first two films more. I think they tried to do too much and introduce too many characters in this film. But it was still awesome. I even liked Kelsey Grammer as Beast (I didn't think I would).

Make sure you stay until the bitter end. Sit through the credits, and don't leave the theater until the projector turns off.

04 May 2006

Perl programming in joe

I do a lot of Perl programming, and I use joe (Joe's Own Editor). I've defined a few macros that I found pretty useful when scripting. Just add the following macro definitions to your .joerc file (do a text search in .joerc for 'Macros:', and add the lines there-ish):

:def comment filt,"sed -e \'s/^/#/g\'",rtn,tomarkb,markk,prevpos
:def uncomment filt,"sed -e \'s/^#//g\'",rtn,tomarkb,markk,prevpos
:def perltidy bof,markb,eof,markk,filt,"perltidy",rtn,bof,markk

comment ^K 1
uncomment ^K 2
perltidy ^K 3

The first macro comments out a section of text by putting a '#' at the beginning of each line of the section. To use it, just go the the beginning of the section you want to comment out and do 'Ctrl-K b', move to the end of the section and do 'Ctrl-K k', and then do 'Ctrl-1'. It'll comment out those lines, disengage the block (so that the section of text will no longer be highlighted), and return the cursor to the previous position (probably the end of the section of text).

The second macro does just the opposite by uncommenting a section of text.

(You could probably replace the '#' in the macro definitions with a pair of forward slashes for programming in PHP or JavaScript.)

The third macro applies the 'perltidy' program to the entire file (not just a highlighed section). Of course, you'll need perltidy installed for this to work. It's in the Fedora Core extras, and the project home page is http://perltidy.sourceforge.net/.

14 April 2006

the Golden Ratio and the Fibonacci series (Perl program)

I've been re-reading Dan Brown's The Da Vinci Code lately, and I was intrigued by the Golden Ratio and how it relates to the Fibonacci series. The Fibonacci series is such that each term is the sum of the previous two terms:
1, 1, 2, 3, 5, 8, 13, ...

The ratio of consecutive terms in the Fibonacci series converges on the Golden Ratio, which has a value of approximately 1.618. It also shows up in a geometric analysis of the pentacle. These properties are discussed in mathematical detail on the following Web pages:

the Golden Ratio
pentacle geometry

I wanted to see this from a computational point of view, so I wrote a quick Perl program to compute the Fibonacci numbers and ratios out to around 100 terms. The program prints out deviations from the Golden Ratio, and the output shows a near-zero deviation after less than 40 terms.

#!/usr/bin/perl -w

use strict;
use diagnostics;

my $GOLDEN_RATIO = 0.5 * (1.0 + sqrt(5));

my ($previous_term, $current_term) = (1, 1);
my $iteration_number = 1;
while ( $iteration_number <= $NUM_ITERATIONS ) {
my $new_term = $previous_term + $current_term;
my $ratio = $new_term / $current_term;
my $deviation = abs($GOLDEN_RATIO-$ratio) / $GOLDEN_RATIO;
printf "% 3d: %e\n", $iteration_number, $deviation;
$previous_term = $current_term;
$current_term = $new_term;

06 April 2006

seeing 'svn diff' output while editing the commit log in joe

I use subversion and I use the text editor joe (http://sourceforge.net/projects/joe-editor/). I've got the following in my ~/.bashrc file, so that joe is the editor that's launched when I type 'svn commit':

export VISUAL="/usr/bin/joe"

(export SVN_EDITOR="/usr/bin/joe" also works, if you've already got VISUAL set to something else.)

I like being able to look at the output of 'svn diff' while I edit the commit log entry, and I've found two ways of doing this (I'm still figuring out which I like better).

The first way is to redirect 'svn diff' to a file, edit the file (putting the log entry in the file), remove the 'svn diff' output from the file, and then use that file as the log entry when committing:

$ svn diff > ~/commit.txt
$ joe ~/commit.txt
(compose the log entry at the top of the file,
and delete the 'svn diff' output)
$ svn commit --file ~/commit.txt
$ rm ~/commit.txt

The second way is to pull the 'svn diff' output into the editor below the 'This line, and those below, will be ignored' line. Then I just compose the log entry at the top of the file and then quit-and-save. In fact, this can be done with a joe macro. Try adding this to the 'Macros' section of ~/.joerc:

:def svndiff eof,insf,"!svn diff",rtn,bof
svndiff ^K 4

Then, next time you want to commit, just type 'svn commit' and do a '^K 4' in joe. That'll add the 'svn diff' output at the bottom of the file and return the cursor to the top of the file.

The second approach requires fewer keystrokes. The only drawback I've noticed is that if you decide you want to abort the commit and you've already saved your edits, you need to be sure to delete the svn-commit.tmp file before exiting joe, or the commit will proceed with whatever's saved in the svn-commit.tmp file.

28 March 2006

grabbing HTTP headers

Sometimes it's useful to inspect the HTTP response headers from a Webserver (for example, to know if the Webserver is running Apache, IIS, or something else). Most Web browsers have some sort of 'Page Info' feature which will display the response headers. But it's often more convenient to do it from the command line.

The text-only browser lynx has a nice feature for this. Typing the following command will dump the HTTP response headers to the screen without displaying the content of the www.example.com homepage:

lynx -dump -head http://www.example.com/

wget can also do this. wget ordinarily downloads the Web content to a local file without displaying response headers. The following will show the headers and discard the content (-S displays the headers, and -O diverts the output here to /dev/null):

wget -S -O /dev/null http://www.example.com/

The curl utility can do much the same thing (note that this is a lower-case o to specify the output destination, and there a bare hyphen after the -D, indicating that the headers should be written to stdout):

curl -D - -o /dev/null http://www.example.com/

netcat offers a fourth way of getting the headers by allowing you to hurl a custom HTTP request at port 80 on the Webserver:

printf "HEAD / HTTP/1.0\n\n" | nc www.example.com 80

The previous example would only work for HTTP. For HTTPS, you can do a similar trick using the s_client mode for the openssl utility (this example uses an HTTP v1.1 request, which requires a host request header):

printf "HEAD / HTTP/1.1\nhost: www.example.com\n\n" \
| openssl s_client -ign_eof -connect www.example.com:443

The -ign_eof keeps the connection open so that the s_client will see the printf output: this also requires manually closing the connection (Control-C should do it). Additionally, you may get certificate verification errors from openssl. If so, try specifying your system's certificate authority bundle (which contains the public keys of a list of trusted certificate authorities, and which may be in a different location that this example):

printf "HEAD / HTTP/1.1\nhost: www.example.com\n\n" \
| openssl s_client -ign_eof \
-CAfile /etc/pki/tls/certs/ca-bundle.crt \
-connect www.example.com:443

24 March 2006

sorting files by modification date

At times I've found that I need to sort the contents of a directory by modification date. If all the files are in a single directory, 'ls -lt' will do the trick. But it's not so easy if the files are scattered through an arbitrarily complicated directory structure. So I've saved the following shell script in ~/bin/file_epoch.sh (and made it executable w/ 'chmod 700 ~/bin/file_epoch.sh'):

mod_time="`/bin/ls --full-time \"${file_name}\" \
| awk '{ print $6,$7; }' | cut -d'.' -f1`"
epoch="`date -d \"${mod_time}\" +%Y%m%d%H%M%S`"
echo "${epoch} ${file_name}"

The script takes a single filename as its argument, and the output is something like this:

20060324152639 /path/to/some/file

Then when I need to sort the files, I just do this:

find /path/to/directory/structure -type f \
-exec ~/bin/file_epoch.sh {} \; | sort -rn

This runs the script on every file in /path/to/directory/structure, and piping the output to 'sort -rn' sorts the files in chronological order (from newest to oldest).

22 March 2006

current year (e.g., for copyright) in TT2 templates

If you are using the Perl Template Toolkit and want the template always to display a copyright notice giving the current year, just include the following in your template:

&copy; [% USE date %][% date.format(date.now, '%Y') %]

It uses the Template::Plugin::Date plugin.

Using GPG as a password wallet

I have too many passwords. In fact, I make many of my less-used passwords by grabbing the first 10 or 12 characters of output from something like this:

dd if=/dev/urandom bs=1k count=1 | md5sum

So I get passwords like '1758dbed4331'--no way I'll remember that.

For a while I tried using a nice text-based password wallet program called the Password Management System (PMS--yes, it's a very unfortunate acronym). I learned about this from a Linux Journal article by Marcel Gagne. I built it from source and used it on FC3 for months.

Then I upgraded to FC4. I rebuilt PMS from source and tried reading the previous PMS data files (two data files in my home directory, as I recall). I kept getting segmentation faults. PMS on FC4 worked OK on new data, but it wouldn't read the old data. Some weird incompatibility in the libraries, I guess. So I had to build PMS on another FC3 box, run it, and copy-and-paste all my passwords out of PMS and into a text file. Lame. Hella lame.

So now I just stick with that text file, but it's encrypted by gpg:

gpg -c passwords.txt

When prompted, I gave it a good password. Now, when I need to look up one of my passwords, I just do this:

cat passwords.txt.gpg | gpg | less

Because the output is in 'less', I can even do text searches (each username/password pair is accompanied by some text describing where the password is used). When I've looked up whatever password I need, I just hit 'q', and I'm done.

trick for hosting large DVD ISOs on Apache

I recently needed to make a large file (a DVD ISO) available from a Webserver running Apache. The ISO was around 3.1GB, and Apache wouldn't serve it (the file wouldn't even show up in the mod_autoindex listing).

So I split up the original file into smaller chunks:

split -b 1073741824 huge_DVD.iso

This created 4 files called xaa, xab, xac, and xad. The first three were 1073741824 bytes each, and xad was around 31MB. I renamed the files (in order) to huge_DVD.chunk1, huge_DVD.chunk2, huge_DVD.chunk3, and huge_DVD.chunk4.

I posted the 'chunks' to the Webserver along with a text file containing the SHA1 checksum of the original file. The original file can be reassembled and its checksum computed in a single read by running the following command (after downloading the chunks):

cat huge_DVD.chunk* | tee huge_DVD.iso | openssl dgst -sha1

17 March 2006

bad blogger, no cookie

I haven't been very good at updating this silly thing, have I?

30 January 2006

Initial post

Blogs seem to be getting pretty popular, so I thought I'd try one.

Here's my first post. It's really dull. Oh, well. It may get better (but probably not).

By the way, I don't much care for wine, I just thought the title was a clever pun (no, in fact, I don't get out much).