31 December 2007

Ubuntu asking for the CD to install software

Sometimes I ask apt-get or synaptic to install something, and it asks for the CD. Turns out that this is an easily-remedied nuisance. A fosswire post (which I found by way of fsdaily) gives a GUI-based solution. An equivalent solution is to comment out the line in /etc/apt/sources.list which starts w/ 'deb cdrom:' (that's probably line 1).

30 December 2007

Ubuntu firewall

This post offers a way of telling your Ubuntu system to set up a simple firewall at boot time. It assumes that you have a single network adapter called eth0.

I saved my firewall rules (in iptables-save format) to /etc/network/fwrules. My firewall rules are fairly specific to my setup, but the following might serve as a good starting point if you want to try this:

-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

And then I just saved the following to /etc/network/if-pre-up.d/fw:


iptables-restore < /etc/network/fwrules

(Be sure to make this file executable: sudo chmod 755 /etc/network/if-pre-up.d/fw).

This loads the firewall rules prior to bringing up the network interface, so that the firewall is in place by the time the network connection is active.

28 December 2007

udev in Ubuntu

This post will be a recipe for configuring udev in Ubuntu so that if you plug in a USB storage device (like a flash drive, an MP3 player, etc.), it will get a consistent and predictable device name which you can attache as a non-root user to a fixed mount point. I'll be using my new Verbatim thumb drive as an example.

Plug in the flash drive, wait a few seconds, and type 'dmesg | tail'. The last few lines should show the USB system detecting the device and giving it the first available device name. In my case, the flash drive got /dev/sdd. Next, ask udevinfo for details about the device:
udevinfo -a -p $( udevinfo -q path -n /dev/sdd ) | less

Page through the output looking for the device's values for idVendor and idProduct. The udevinfo output for my thumb drive contained the following lines:


Next thing is to tell udev about the device. Create a udev rule file (I used /etc/udev/rules.d/99-thumb.rules) with something like the following:

SUBSYSTEMS=="usb", SYSFS{idVendor}=="13fe", SYSFS{idProduct}=="1e23", NAME="thumb", MODE="0660" OWNER="mbrisby" GROUP="mbrisby"

(Naturally, replace mbrisby with your username and group name.) You may need to run udevcontrol reload_rules to tell udev to read the new addition into its in-memory ruleset.

Now you can make a mount point:

$ sudo mkdir /media/thumb
$ sudo chown mbrisby.mbrisby /media/thumb

Finally, add the mount point to /etc/fstab:

/dev/thumb /media/thumb vfat user,noauto 0 0

And from now on, you should be able to plug in the thumb drive, wait a couple of seconds, type mount /media/thumb, and start accessing the files at /media/thumb.

27 December 2007

fetchmail in Ubuntu

I recently wrote about using fetchmail for gmail. In the meantime I've switched my main desktop (at home) from CentOS to Ubuntu. Ubuntu's fetchmail build is a bit more picky about SSL certificates than the CentOS build, so this post will describe some of the changes I had to make to my ~/.fetchmailrc file.

(By the way, fetchmail should work OK without these changes, it'll just whine about the certificates.)

First I needed to install the ca-certificates package from the Ubuntu repositories, and then I needed to change the gmail line of my ~/.fetchmailrc file from
poll imap.gmail.com protocol IMAP user "my_gmail_username@gmail.com" there with password "my_password" nofetchall keep ssl
poll imap.gmail.com protocol IMAP user "my_gmail_username@gmail.com" there with password "my_password" nofetchall keep ssl sslcertck sslcertpath /etc/ssl/certs
This tells fetchmail where to find the public certificate it needs to verify the SSL connection to the gmail server.

I also use fetchmail to check some IMAP accounts on a server using self-signed certificates, certificates which don't appear in /etc/ssl/certs. One way of doing this is to compute the IMAP certificate's fingerprint and telling that to fetchmail. If the IMAP server is imap.example.com and it's running on the standard port (993), you can use openssl to grab the certificate like this:

openssl s_client -ign_eof -connect imap.example.com:993 > imap.cert

(You may need to Contol-C to get back to the command prompt.)
Then use openssl to find the MD5 fingerprint:

openssl x509 -fingerprint -md5 -in imap.cert

The output of this latter command should contain a line starting with MD5 Fingerprint. Add the fingerprint to your ~/.fetchmailrc file with something like this:

poll mail.example.com via imap.example.com protocol IMAP user mbrisby there with password "my_password" nofetchall nokeep ssl sslfingerprint "4C:69:E2:E6:F9:6B:6C:4E:E9:8B:E1:C8:2B:B9:4F:B9"

And then just run fetchmail in cron every now and then.

25 December 2007

desktop Ubuntu

I recently converted my laptop from CentOS 5 to Ubuntu 7.10 and liked the change. So I did the same to my main desktop at home this weekend. Naturally, there were a few bumps in the road. Over the next several days I'll be posting about some of them.

But first, a couple of annoyances.

Ubuntu likes to beep. It rings the system bell a lot more than CentOS seemed to do: tab completion at the bash prompt, unsuccessful page text searches in Firefox, trying to go past the end of the file in vim, etc. It really enjoyed beeping at me, and putting set bell-style none in ~/.inputrc didn't help much.

It turns out to be a kernel module. A post in Dell's Linux desktop forums suggested modprobe -r pcspkr, and that worked right away. The post also suggests putting blacklist pcspkr in a file in /etc/modprobe.d to make the change permanent (I haven't rebooted yet, but I figure that oughtta do it.)

The other annoyance is that Ubuntu's grep isn't compiled with libpcre support (that's the Perl-compatible regular expression library). One of the bash scripts I use for backups has a grep -P in it. The -P options tells grep to regard the search pattern as a Perl-style regex. This gives the following charming error message:

The -P option is not supported

Someone else noticed this and filed a bug report. Looks like the Ubuntu developers aren't interested in fixing it in this version. Someone suggested installing the pcregrep package, but this has a few problems:
  1. the binary is installed as /usr/bin/pcregrep
  2. pcregrep doesn't have the same performance or options as grep
  3. oddly, pcregrep doesn't accept the -P option (you'd think it would just ignore it)
So pcregrep is hardly a drop-in replacement for grep, even if you rename the binary to /bin/grep.

As it happens, I got lucky. My the regex in my bash script is dull enough that I was able to replace grep -P with egrep. But if you use something more sophisticated, you'll have a harder time of it.

But all in all, I'm enjoying my shiny new Ubuntu installation. I'll be back later to yammer on about using udev, fetchmail, iptables, and maybe some other stuff in Ubuntu.

11 December 2007

Inspekt PHP library

A recent post on the Planet-Websecurity.org blog got me interested in Inspekt. It's a secure input validation library for PHP. It reminds me a bit of Perl's taint switch, in that Inspekt prevents you from directly using $_POST, $_GET, and their ilk.

Looks like it hasn't really hit release status yet, but I think it's going to be worth watching.

06 December 2007


I finally gave Ubuntu a try recently. I'd previously tried it as a VMWare Server guest and hated it. But that probably wasn't a fair shake, so I installed it on my laptop last week. I was really impressed by how easy it was to get everything set up. It only took a few hours to get it installed and pretty highly customized with some of my favorite packages, including gtkpod, grip, easytag, mplayer, fluxbox, VMWare Server, gkrellm (and a few of its plugins), and grisbi.

About the only thing that really took a while was getting fluxbox to work, and that's because Ubuntu does it rather differently than CentOS (what I'm used to). It took me a little while to realize that I needed to be using ~/.fluxbox/startup rather than ~/.Xclients, and it took me forever to cotton on to the fact that the ~/.fluxbox/keys syntax had changed between v0.9.x and v1.0.x. I'd never had the following three lines in my keys file before, but they're pretty important (you can't easily get to the fluxbox menu without them):

OnDesktop Mouse1 :HideMenus
OnDesktop Mouse2 :Workspacemenu
OnDesktop Mouse3 :RootMenu

About the only thing I couldn't do was install native drivers for one of my wireless cards. I have two cards: a Linksys WPC11v4 802.11b card and a Netgear 802.11g card. The Linksys card has open-source drivers which support monitor mode (so that I can run kismet), while the Netgear card only has Windows drivers. It was very easy getting ndiswrapper and wpa_supplicant set up for the Netgear card, but I never got the Linksys drivers working. Looks like other people have had the same trouble, and the solution may be to try a different kernel. Oh, well.

Anyway, it was all pretty easy, and I may start using Ubuntu on all my desktops. And O'Reilly's Ubuntu Hacks was pretty helpful.

05 December 2007

fetchmail for gmail

If you have lots of email accounts, it can be a real pain checking all of them. But if you're running a mail server on a Linux box somewhere (like postfix on your workstation at home, for example), you can use fetchmail to download the messages from your IMAP and POP3 mail accounts. That way, all your mail is in one place (and you only have to go to one place to read it).

gmail recently added IMAP support (it's one of the tabs under Settings). Once you enable IMAP support in your gmail account, you could add something like the following to your ~/.fetchmailrc file:

poll imap.gmail.com protocol IMAP user "my_gmail_username@gmail.com" there with password "my_password" nofetchall keep ssl

nofetchall just gets the new messages, keep prevents fetchmail from deleting the messages off your gmail account (so that you can still read them by logging on the gmail), and ssl keeps your password encrypted when fetchmail connects to gmail. Then just run fetchmail -s in cron every now and then.

Something to keep in mind is that although this won't delete your messages from gmail, it'll mark them as read. So if you log in to gmail, new messages won't look new, they'll look read (because fetchmail has read them).

23 November 2007

Bats in the belfry

The other day I read that DC Comics is planning to 'promote' Bruce Wayne to the ranks of the New Gods. Despite the departure of Bruce Wayne, there will still be a Batman to watch over Gotham City. The role will be filled by Jason Todd, the second Robin.

Jason Todd was murdered by the Joker (beaten to death with a crowbar, if memory serves).

If the last couple of paragraphs don't make any sense to you, then you and I are of like mind.

This sounds like a publicity stunt to me, like when DC briefly killed Superman in the early 90s.

Guess they're running out of ideas over there.

19 November 2007

Lame OpenDocument Foundation Blathering

I recently wrote about some strange announcements from the OpenDocument Foundation (which has since totally dissolved), and I said I didn't know what that meant for the OpenDocument format (ODF).

Not much, it seems. An Antic Disposition post has clarified the matter somewhat:
The adoption of the ODF standard is promoted by several organizations, most prominently the ODF Alliance (with over 400 organizational members in 52 countries), the OpenDocument Fellowship (around 100 individual members) and the OpenDoc Society (a new group with a Northern European focus, with around 50 organizational members). To put this in perspective, the OpenDocument Foundation, before it changed its mission and dissolved, had only 3 members.

17 November 2007

Origin of Kryptonite

According to Wikipedia, Kryptonite (a fictional mineral, the green variety of which is toxic to Superman) was originally introduced in 1943 (about five years after Superman's first appearance in comic books) in the radio show. It was a plot device used to allow the actor portraying Superman the opportunity to take some vacation time.


13 November 2007

trac: backups, Gantt plugin, concluding remarks

This is the third installment of a series on trac, Web-based pr0ject management software. The previous segments talked about installing and using trac.

trac comes with a command-line utility called trac-admin, which can (among other things) perform backups of individual trac projects. The following is a shell script you could put in /etc/cron.daily to back up all your trac projects each night:



TODAY=$( date +%Y%m%d%H%M%S )
for i in $TRAC_ROOT/*
DEST=$TRAC_BAC_ROOT/$TODAY/$( basename $i )
/usr/bin/trac-admin $i hotcopy $DEST
rm -rf $DEST

This uses the trac-admin hotcopy feature to make a compressed archive of each individual project (putting them in time/date-labeled directories in /var/trac_bac).

This series discussed the WebAdmin plugin. I also tried the TracGantt plugin, which makes Gantt charts of your project. I found that I didn't much care for this plugin. You have to enter an extra four data fields for each ticket, one of which is a list of ticket dependencies (e.g., completion of this ticket is dependent on completion of that ticket). The Gantt charts don't clearly display these ticket dependencies, so it seems like a wasted effort. And for a large project, the chart becomes too big for useful printouts, and the plugin doesn't offer exports in other formats. So TracGantt didn't really do it for me. shrug

In closing, I really like trac, and it's been very helpful to me in my work. Clearly, trac is designed to manage software development projects. But with a little imagination, I think it could be used quite effectively to manage just about any kind of project, even something as simple as a running 'to-do' list.

12 November 2007

Using trac

In a previous post, I described installing trac, a Web-based project management system.

Now you can go to http://myserver.org/trac/ (substituting your server's hostname, of course), and you should see a link for your project. Clicking the link takes you to that project's homepage, which is a wiki. You can use this to provide as much or as little documentation as you like for your project.

One of the first things you'll want to do is to click the Admin link (upper-right, which would not be present without the WebAdmin plugin). The main admin page lets you set the name, URL, and description of your project. Clicking the Permissions link (left-hand side) lets you change who has what permissions to the project. By default, anonymous users have just about every right--you will probably want to revoke these rights, and then just dole them out on a per-user as-needed basis (for example, you may want to give people testing your project permission to create tickets). The WebAdmin plugin also lets you manage components, versions, milestones, and other items through the Web interface (you'd otherwise have to use the trac-admin command-line tool for all that).

The Browse Source link lets you poke around in your repository, even looking at the different revisions.

But my favorite feature is the ability to create and manage tickets. Clicking the New Ticket link lets you create a new ticket, in which you can enter a description of a problem with your project, the affected version, the relevant component, etc. (most of these fields are optional). And the View Tickets link lets you run pre-configured queries to display your tickets (you can also create your own custom ticket queries, but I've found the default set perfectly adequate).

11 November 2007

Installing trac

I started using trac a few weeks ago, and now I don't know what I did without it. It's great for project management. trac is a multi-user Web-based ticket-tracking system which has a built-in wiki, integrates with Subversion, and offers a wide array of plugins.

It's written in python. Oh, well. Nothing is perfect.

Here I'll be describing how to install trac v0.10 with the WebAdmin plugin on CentOS 5. We'll pretend to be installing it at http://myserver.org/trac/ (upcoming posts will talk about using and maintaining trac).

Start by installing the trac and python-clearsilver RPMs from the EPEL repositories. This will add the /etc/httpd/conf.d/trac.conf file to your Apache configuration. I suggest replacing the default contents of that file with the following:

<LocationMatch /trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /var/www/trac/tracroot
PythonOption TracUriRoot /trac
SetEnv PYTHON_EGG_CACHE /var/www/trac/egg_cache
AuthType Basic
AuthName trac
AuthUserFile /var/www/trac/htpasswd
Require valid-user

(Don't forget to restart Apache to make the new configuration take effect.)

I'll be putting all the trac files in /var/www/trac (outside the Apache docroot at /var/www/html). Each trac project will have its own directory in /var/www/trac/tracroot, and the subversion repository will be at /var/www/trac/svn.

The 'egg cache' (I guess that's some wierd Python drivel) will be at /var/www/trac/egg_cache. The egg cache is for plugins. It's actually not necessary for the WebAdmin plugin, but you may as well set it up, anyway, in case you want to add other plugins. It needs to be Apache-writeable: chown -R apache.apache /var/www/trac/egg_cache.

You'll notice that I've set up Basic Apache authentication. Use the command-line htpasswd command (part of the httpd package) to create and maintain the /var/www/trac/htpasswd. In my case, I created a user called carl: htpasswd -c /var/www/trac/htpasswd carl

If you want to use the Subversion integration, put your repository at /var/www/trac/svn (either drop in a hotcopy or use svnadmin load /var/www/trac/svn). Remember to make it Apache-writeable: chown -R apache.apache /var/www/trac/svn.

To install the WebAdmin plugin, you'll need setuptools. Download ez_setup.py and run
python ez_setup.py (this is all described on the TracPlugins node of the trac wiki). This installs the easy_install utility. Running easy_install http://svn.edgewall.com/repos/trac/sandbox/webadmin should install the plugin (verify the URL on the WebAdmin wiki node). Now you'll need to enable the plugin by adding the following text to /usr/share/trac/conf/trac.ini (this file probably doesn't exist yet, so you'll be creating it):

webadmin.* = enabled

You'll probably need another Apache restart at this point (editing /usr/share/trac/conf/trac.ini seems to require an Apache restart).

And now we can actually create a trac project. We'll call it foo, for laughs:

trac-admin /var/www/trac/tracroot/foo initenv

This will ask you a few questions (I'm assuming that your Subversion repository is set up such that there's a foo item just under the repository root, and that it corresponds to this trac project):
  • project name: keep this short but descriptive
  • DB connection string: just use the default (SQLite)
  • repository type: use the default if you're doing the Subversion integration
  • repository path: /var/www/trac/svn/foo
  • templates: use the default
Your answers are used to create a project configuration file at /var/www/trac/tracroot/foo/conf/trac.ini. You can later edit this file by hand, but if you change the repository location (the repository_dir item), you'll need to run the following command:

trac-admin /var/www/trac/tracroot/foo resync

Now give yourself administrative rights to the project (using the same username you used with the htpasswd command, above):

trac-admin /var/www/trac/tracroot/foo permission add carl TRAC_ADMIN

Well, this has already run pretty long, so I'll break for now. In the next exciting episode, I'll talk a bit about actually using trac.

10 November 2007

OpenDocument Foundation reversal

At times on this blog I've discussed the open document format (ODF), an XML-based file format intended to be used in office productivity software (word processors, spreadsheets, and the like). This file format would be a completely open standard, and would compete with proprietary file format like those used in Microsoft Office.

A major proponent of this format, the OpenDocument Foundation, has evidently recently decided to dump ODF in favor of an obscure alternative called the Compound Document Format, developed by the World Wide Web Consortium. So now I really don't know what to think. I wonder if the foundation will change its name.

Microsoft (with their OOXML format) must be having a good laugh about this.

09 November 2007

perl breakage

I run a bunch of CentOS 4 boxes at work, and recent yum updates to perl caused me a lot of problems. If I tried doing just about anything in cpan, I'd get errors like this:

Use of uninitialized value in concatenation (.) or string at
/path/to/Scalar/Util.pm line 30.

and this

Undefined subroutine &Compress::Zlib::gzopen ...

After several Web searches, I found a Google Groups posting which recommended manually installing Scalar::List::Utils.

I have no idea what Scalar::List::Utils has to do with anything, but it seemed
to work. Thank you, Peter Scott.

If you try this, and the Compress::Zlib::gzopen errors persist, you could try the following (admittedly drastic) measure. It was successful for me in one case where just installing Scalar::List::Utils wasn't enough (for whatever reason). Try running the following search against your perl libraries (might be in a different directory on a non-RedHat-like distribution):

find /usr/lib/perl5/ -type f -path '*Compress/Zlib.pm'

Delete or rename the Zlib.pm files found, and then try 'install Compress::Zlib' in cpan (you may need to 'force install Compress::Zlib').

07 November 2007

06 November 2007

lock pick gun

Here's an interesting video showing someone defeating 8 locks in less than 80 seconds. The person in the video is using a lock pick gun. I'd only seen these in movies and TV before this. I don't really understand how the thing works, but it may be similar to bumping. Note the use of the torsion wrench in the video.

05 November 2007

Nuke Anything Enhanced Firefox Extension

One of my favorite Firefox extensions is Nuke Anything Enhanced. After installing this extension, right-clicking on something on a Web page gives a menu including an item called 'Remove this object'. Picking that item makes the object disappear.

This is useful sites like The Energy Blog. That's a great site, but there's always a really annoying vertical animated gif banner on the right-hand side. This extensions makes it easy to do away with such things.

04 November 2007


Every now and then I want to access content or a service on a Web site which requires registration with an email address (for example, live365.com started requiring registration a couple of days ago, and many online newspaper Web sites do this). I used to always give a fake address, for fear that the site will sell my address to spammers, or that the site will send me a bunch of promotional junk I don't want. But that doesn't always work. Sometimes the site requires a valid address so that they can send me something that I need to complete the registration. In this case, mailinator.com is a good way around this problem.

If you go to mailinator.com, it auto-generates an email address for you in the form of something@mailinator.com (you can also make up your own), and you can give that address when registering for the newspaper (or whatever) Web site. Then just go to mailinator.com and check for mail sent to that address. There's no username and password, so you wouldn't want to use it as an actual email account or for anything confidential (anyone who knows your mailinator address can read your mail). But it's a good throwaway email account, so that you don't have to give your real address.

(In fairness to live365, they don't appear to have sent me any mail at all after registering.)

03 November 2007

Power Generation with Solar Towers

The Energy Blog has an interesting post about solar towers, a method of solar power generation. The tower is surrounded by mirrors which reflect sunlight onto a receiver at the top of the tower (the mirrors move to track the sun). Fluids are pumped through pipes in the receiver for heat exchange, and the fluids are then used in steam generators.

The post contains a link to a previous post with more details about the types of fluids used for heat exchange: it's a salt mixture which is able to retain heat for power generation at night or in cloudy weather.

The process is said to be over 40% effective in converting thermal energy into electricity.

02 November 2007

Batman v. Alien v. Predator

When I read the descripti0n of this amateur film, I thought it would be pretty lame. But it's actually really cool. Very high production value, and very comic book-y.

28 October 2007

2007 Halloween pumpking carving

Hung out with friends today. We have a tradition of carving jack-o-lanterns for Halloween, and my part of the tradition is not to carve a jack-o-lantern. *shrug* It's way too messy for my delicate sensibilities. Ewwww.

This time, one of my friends convinced me to join in the fun. So here's my jack-o-lantern...

jack in the dark

One of my other friends found these really nifty little watch-battery-powered LED candles, and that's what's inside.

And here it is in the light... So, not too messy, after all.

And here's the lot. The friend who found the LED candles (she's the X-Men fan) carved the '07 Jack to mark the occasion. She's clever, that one. My favorite is the Frank Castle Jack.

Anyway, had a good time seeing friends. We listened to a really cool CD I bought this afternoon: Raising Sand by Robert Plant and Alison Krauss.

20 October 2007

USB hilarity

Here are a couple of amusing items that rolled through my RSS feeds this past week.

Next time the week seems to be dragging on a bit too long, try 'It Only Tuesday' [sic] from the Onion.

And here are some fun USB toys. I've got my eye on the fishtank.

23 September 2007


I've been using the flashblock Firefox extension for a long time. There's nothing more annoying (to me) than going to a Web site littered with a bunch of flash movies which slow the page load, distract me from the important content, or crash my browser. The flashblock extension replaces each flash movie with a link you can click to enable that flash movie, allowing you to enable only the individual movies you want to view.

The noscript Firefox extension disables all JavaScript in your browser. You can temporarily or permanently whitelist Web sites in noscript, allowing JavaScript from the sites you trust. This is a good idea: just start reading some of the stuff at Planet Websecurity if you need convincing.

Unfortunately, the two extensions are incompatible, because flashblock uses JavaScript to replace the movies (and noscript disables JavaScript). Until this week, I'd chosen flashblock over noscript, because my annoyance with flash exceeded my fear of JavaScript. I really can't defend that decision. shrug

But this week I took another look at noscript and discovered that noscript can disable flash in the same way that flashblock does. Looks like the developer(s) added that feature in version 1.1.0 (August 2005). Guess it's been that long since I'd tried noscript (or else I didn't look at the feature list very well). Anyway, I've switched to noscript.


A recent issue of Wired clued me in to dailylit.com. dailylit.com has a bunch of public domain publications (mostly classical literature) which they have carved up into bite-size chunks deliverable via RSS feed. So you can go to dailylit.com, pick a book, and subscribe to it in your RSS reader. You get a post every day (or 3 times a week, or every weekday) which you can read in a couple of minutes. It's pretty cool. I'm reading Sir Arthur Conan Doyle's A Study in Scarlet (the first Sherlock Holmes story).

There's also the feature that each post comes with a link to tell dailylit.com to release the next post (rather than waiting until the next day). This feature has a caveat if you're using an online RSS reader like Google Reader: although dailylit.com immediately puts the next post in your feed, the post won't show up in your reader until the RSS service checks the feed again (which might take hours).

Be warned that the catalog at dailylit.com isn't nearly as extensive as something like Project Gutenberg. But the selection isn't bad, and it's a neat way to read a book.

17 September 2007

Sirens of Song (Internet radio)

I'd never tried Internet radio, but became interested when I read a recent polishlinux post about how to listen to Internet radio. The post didn't say much about how to find content, so a quick google search yielded www.live365.com. live365 has lots of stations of all kinds of music. I've been enjoying Sirens of Song (which has its own site at www.sirensofsong.com).

09 September 2007

OOXML Monkey in the Wrench

I've been meaning to write about the OOXML nonsense, but just haven't had time. Microsoft failed in its recent (but probably not final) attempt to have OOXML listed as an ISO standard file format. Groklaw has the details of the vote.

The Groklaw article also discusses Microsoft's version of the results--Microsoft tried to spin it as a success. When I first skimmed Microsoft's press release (which I saw on Google News before reading any intelligent analysis), I was fooled into thinking that OOXML had passed.

There has been a lot of criticism of the ISO process, accusations that Microsoft has effectively purchased the votes that they did get. Hopefully ISO can reform some of their processes before the next vote on OOXML (which I think happens in early 2008).

DIY Laser Microphone

At times (can't think of specific examples) I've seen movies (or watched TV shows, or read novels or comic books) in which someone eavesdrops on somebody else by pointing a laser at a glass window separating the speaker and the eavesdropper: the idea is that the speaker's voice vibrates the glass in a way that the laser can detect. I figured that was science fiction, but a recent LifeHacker post suggests that it's possible, easy, and inexpensive. Pretty cool.

29 August 2007

clock drift in Linux VMWare guest

Today I installed CentOS 5 as a VMWare guest (VMWare server, CentOS 4 host) and had a few problems. The first problem was that when it came time to partition the drive, CentOS didn't think I had any storage. A helpful post on the CentOS forums pointed out that I needed to select LSI (not BusLogic) for the SCSI controller.

And then I found that the clock drift was really bad, and NTP wasn't working for some reason.

http://kbase.redhat.com/faq/FAQ_43_9259.shtm suggested adding the following line to the .vmx file:
tools.syncTime = "TRUE"

This (by itself, anyway) didn't work for me.

http://www.djax.co.uk/kb/linux/vmware_clock_drift.html suggested appending the following items to the kernel command line (in lilo.conf or grub.conf):
nosmp noapic nolapic

That worked like a charm. That article also suggested appending 'clock=pit' if the guest clock runs fast (mine was running slow).

27 August 2007


IGN has downloadable trailers for Aliens vs. Predator: Requiem. Gory, but cool. I liked the previous film--not a great movie (can't touch Alien, Aliens, or Predator), but fun. And this one looks even better. Can't wait.

19 August 2007

Dark Side of the Rainbow

Last week Leo Laporte on the This Week in Tech podcast (episode 109) mentioned something called the Dark Side of the Rainbow, which I'd never heard of before. The idea is that if you play Pink Floyd's Dark Side of the Moon while watching The Wizard of Oz, you'll see and hear a degree of synchronicity: moments where the music and the film seem to intersect.

I've got a copy of that CD, and last night I picked up a copy of the movie on DVD to try it out. All in all, pretty lame. Maybe it's more interesting if you're not sober.

Another worthless Internet rumor propagated by people with too much time on their hands (although it seems like I had enough time on my hands to try it myself *shrug*).

But last night I noticed something interesting about Toto: I don't know how that dog managed to keep so calm with all the histrionics going on around him/her while they were filming that movie.

12 August 2007

Crashing e-passport readers

An RFID expert named Lukas Grunwald presented some interesting research at the recent DefCon. Grunwald was able to read the data from the RFID tag in a US passport, clone it on a writable RFID chip, and replace the image data (the e-passport RFID tag data includes a JPEG2000-format version of the passport's owner). The new image data contained a buffer overflow exploit which Grunwald demonstrated was able to crash two RFID readers. Grunwald's point is that if the readers can be crashed by altering RFID data, the readers could probably also be exploited to do things like approving an expired passport or altering what a customs official would see on his/her screen after scanning the passport.

11 August 2007

'Customize Google' Firefox extension

I just discovered the Customize Google Firefox extension. It has a large number of user preferences which affect your use of Google services. Many of the preferences are privacy-related, including some anonimization features. It can also remove ads in some contexts, and add links to other search engines in some Google search results.

But this extension is interesting to me because it can force HTTPS traffic for Gmail and Google reader, which is especially beneficial for a laptop on a coffee shop wireless network, for example. A recent blog post on dmiessler.com makes a good argument (with packet-sniffing evidence) for encrypting your Gmail traffic. (One of the comments on that post is what directed me to the extension.)

07 August 2007

EPEL repository

A new 'extras'-type repository recently opened for Red Hat Enterprise Linux and CentOS: Extra Packages for Enterprise Linux (EPEL). It has packages for versions 4 and 5. This can supplement the extras at CentOS extras and DAG's RPMs.

06 August 2007

DNSUnpinning review process

I got email late today saying that my Firefox extension is being retained in the sandbox (staying in development) pending user reviews. So if you are so inclined, I encourage you to post a user review. As an incentive, by downloading the extension, you'll be able to view the source code for a simple Firefox extention (it's got an .xpi extension, but it's really just a zip file). So if you ever had the urge to write an extension, this might be a good place to start.

If you'd like to post a review, you can either sign up for a developer account and post the review that way (here are a few notes about that), or you can write an external review (I assume that comments to this blog would work for that). If you sign up for a developer account, you'll be able to see the extension's sandbox page. Or you can visit the project home page.

To review the extension, go to about:config and search for the network.dnsCacheEntries item. You should be able to see this item's value change between 0 and 1 when toggling the extension menu item. If you run your own DNS or aren't afraid to fiddle with your hosts file, you might be able to observe the browser caching (or not caching) IP addresses.

I don't have access to a Mac, so a review of the extension by a Mac user might be useful. And the more details your review provides, the more likely it is to have an impact on the evaluation process.

05 August 2007

DNSUnpinning Firefox extension

I wrote a Firefox extension yesterday. Nothing very exciting--it just toggles a user preference. It's called DNSUnpinning, and can disable/enable IP address caching in Firefox. This has consequences for the same-origin policy in Web browsers: some phishing-related attacks take advantage of the fact that browsers tend to cache IP addresses for 60 seconds.

I created a developer account at the Firefox Add-ons site according to the MozillaZine page about sharing extensions. If you'd like to check out the extension, it's currently available on my DNSUnpinning page. The extensions now goes into a review process, and if it's accepted, it'll start showing up on the list of official Firefox extensions.

04 August 2007

Light bulb comparison

Yesterday Neutral Existence published an interesting comparison of incandescent, compact florescent (CFL), and LED light bulbs. Looks like CFLs come out on top, with incandescent in last place. The blog post also points out that LED bulbs have less mercury in them than CFLs, and that LED bulbs may get cheaper over time.

I've never tried LED light bulbs (and only recently bought my first CFLs), but I have an LED flashlight, and I like it. It doesn't seem to focus light as well as a traditional (incandescent) flashlight, but it's pretty bright, and I never have to worry about replacing the bulb. And the batteries seem to last a long time.

03 August 2007

Link goatsed

A co-worker just pointed out that a link in my OSCON 2007: Thursday post went to a ghastly gay male porn site. I think it was the correct link at the time (or I may have copied it down wrong), or else something happened to that domain. Anyway, my apologies to anyone who followed that link (slides for the vim talk) and was appalled.

31 July 2007

Evil advertisement

Just saw something terrible on TV. They took the Ripley-in-power-loader v. alien queen fight at the end of Aliens and turned it into a DirecTV commercial.

Part of me just died. Horribly.

30 July 2007

OSCON 2007: Friday

OSCON Friday is much like Wednesday and Thursday, but it's a half day: keynotes, two sessions, a final keynote, and a final schmoozing session. The Friday keynotes were pretty good. The first was from Philip Rosedale of SecondLife. He gave a demonstration, which was my first time to actually see Second Life. It looked pretty cool, and he displayed some data graphs from inside the virtual word. He said that lots of people use it for telemeetings. They're beginning to offer voice features, so people will probably start using it for teleconferencing. Some of the components of Second Life are open source, and Rosedale was encouraging the community to contribute to the project.

Next was Jimmy Wales of wikia, which hopes to fulfill Wales' ambitious goal of giving everyone free access to the entire sum of human knowledge. Wales also announced wikia's acquisition of grub, Web-crawling software which lives on unused computer cycles (sort of like SETI@home, but less pointless).

Simon Wardley then spoke about information technology commoditisation. I believe his point was that open source means allowing people not to have to spend all their time building entire infrastructures from scratch, because someone else has hopefully already done it for you and has open-sourced the code. And Simon evidently really likes ducks.

Nat Torkington, OSCON program chairperson, gave a farewell keynote. He's stepping down from OSCON organization duties (and perhaps leaving O'Reilly altogether--not sure). A (paraphrased) quote from his talk was "ignore the noise and make some signal" (participate in and contribute to a cause about which you feel passionate).

The last keynote was "Pimp My Garbage" by an electronics engineer named James Larsson. Larsson like to make interesting things out of computer equipment that other people want to throw away. His creations have to be seen to be fully appreciated, and he took the notion of building a better mousetrap to a hilarious conclusion.

The first session I attended was "Subversion Worst Practices" [sic] by Ben Collins-Sussman and Brian W. Fitzpatrick, a couple of Google software engineers who moonlight as subversion developers. They gave a good list of things to avoid when implementing version control, like storing ISO images in a repository, skipping out on backups, and manually editing repository files.

I was wanting to go to "Testing With Selenium" as my second session, but it was cancelled (selenium is an in-browser unit testing framework, which can be a good way of automated javascript testing). So I went down the hall to "Running Your Programming Language on Parrot", and was quite promptly confused. shrug

So I had some time to kill Friday afternoon. I decided to go to the Chinese Garden and the Japanese Garden. I didn't much care for the Chinese Garden, which was pretty small. It was $7 and 30 minutes of my life I'll never get back. It was OK, but nothing special. It didn't seem very well-kept: the water was pretty murky, and cobwebs were everywhere.

But the Japanese Garden was awesome. It was $8, it's in Washington Park (western Portland), and it was really beautiful and peaceful. I spent a couple of hours there, and took several pictures (I posted them to flickr). I highly recommend this to anyone with a couple of hours to spend in Portland.

Here are a couple of my favorite pictures:

Heavenly Falls

Moon Bridge

26 July 2007

OSCON 2007: Thursday

Enjoyed about half the keynotes too much this morning. The first one was cool: Ben Fry of processing.org showed some data visualization animations that have to be seen to be believed. And Steve Yegge of google gave an irreverently hilarious discourse on branding, and pointed out that branding is something that open source really lacks.

My first session was "Vim for PHP Programmers" by Anerei Zmievski (although the content was not very PHP-specific). This was an excellent talk with lots of neat Vim tricks. It was way too much material for a 45-minute presentation, but he made his slides available, so I'll be able to go through them later. As a Vim noob, I'm quite keen on learning tricks like easily wiping out the text between paired curly braces (or angle brackets or parentheses).

In a couple of the sessions I've attended this week, including today's "Untangling the Web: Dealing with Legacy PHP Code" by Clinton Nixon, people have expressed significant disdain for templating engines in PHP. I've used smarty for a couple of years and really like it. So I guess I don't really understand this sentiment. shrug

"Cache That" by Gopal Vijayaraghavan talked about APC, an opcode and data cache for PHP (Gopal is the lead maintainer of APC). This was pretty interesting, and he talked about some subleties of using APC.

My favorite talk of the day was "PHP Addons for Fun and Profit". (I didn't get the speaker's name, but she said that her blog is coffee.geek.nz). This talk was incredibly informative, with lots of good stuff about memcache and eaccelerator. I'm looking forward to giving memcache a try.

Cloverfield poster

I'm a pretty big J.J. Abrams fan: I really liked _Alias_ (well, the first two seasons, anyway), and I've been enjoying _Lost_. So I'm looking forward to the next Star Trek film (Abrams is directing it).

But I'm really looking forward to the "Cloverfield" film (or "Slusho", 1-18-08, or whatever). Looks like it'll be a pretty cool monster flick. The released the movie poster today, and it's awesome.

25 July 2007

OSCON 2007: Wednesday

Wednesday and Thursday of OSCON are made up of 40-minute sessions after a morning of keynotes. This morning's keynotes started with Tim O'Reilly himself. He talked about how successful Web sites these days are more about user data than they are about the software driving the sites. He listed flickr and del.icio.us as examples, and he listed a few new sites, as well:
  1. freebase: "a structured, searchable, writeable and editable database" of just about anything/everything
  2. dabble DB: looks like an impressive online spreadsheet service
  3. open ads: "the web's largest ad-space community"
  4. hadoop (an Apache project): "a framework for running applications on large clusters of commodity hardware"
Tim also mentioned that StumbleUpon had been purchased by eBay (I didn't know that).

Next were a couple of guys from Intel: James Reinders (a suit) and Dirk Hohndel (looked like he belonged on a snowboard in the Swiss Alps). They talked about the new Intel Threading Building Blocks, a C++ parallelism library (you'd use this library to write software to take advantage of a multi-core architecture). Intel has open-sourced this technology, and there's even an O'Reilly book about it. Hohndel also mentioned moblin.org: Linux for Intel-based devices.

Next up was Simon Peyton-Jones, a researcher who talked about concurrent programming. He said that one approach to addressing the challenges of concurrent programming is to wrap code in a database-like transaction (with a transaction log) to acheive atomicity (like a journaling filesystem, I guess). At that point my eyes started glazing over, and I became hypnotized by his bright red sweater with a picture of a red-eyed treefrog on the chest. (It was really a very interesting keynote, and he's a good speaker--I just didn't understand a whole lot of it.)

Then Tim O'Reilly interviewed Mark Shuttleworth of Canonical. As I'm not a passenger on the Ubuntu bandwagon, and was still recovering from the amphibious atomicity assault, I went looking for coffee or something.

During the course of the day, I attended a handful of sessions, including a couple about nagios (a host- and service-monitoring system) and APD (for profiling PHP code). I enjoyed David Verba's "Practical Design For Web Developers", a discussion of user-centered design (whose 'further reading' bibliography included several interesting-looking books). Perrin Harkins' "Care and Feeding of Large Web Applications" was also pretty cool: he talked about the challenges of devoloping, maintaining, and distributing an enormous Perl-based codebase (the Arcos CMS/CRM).

But my favorite of the day (and maybe of the whole conference) was Joseph Smarr's High Performance JavaScript. I highly recommend the slides from his talk about the development process of the Plaxo online calendar and address book synchronizer.

24 July 2007

OSCON 2007: Tuesday

This morning's tutorial was "PHP and MySQL Best Practices" by Luke Welling and Laura Thomson. I've heard her speak previously at OSCON, and she's a good speaker. And this morning's talk was also good, but it turned out to be mostly review for me, so maybe I should have signed up for something else. But I did pick up a few interesting things that I'll want to research further:
  • test_more (which is like Perl's Test::More) for unit testing
  • PEAR's quickforms2 for form processing
  • PDO might be a good alternative to the PEAR DB in PHP5, but I should probably consider just using the mysqli interface, since I don't really need to be writing my applications to support multiple backend DB engines
  • xdebug looks interesting for profiling
  • if I need to develop in a load-balanced environment, I'll need to move away from storing session data in flat files on the Web server--encrypting the session data and putting it in a browser cookie might be an interesting alternative to storing sessions in a DB
  • I need to look at memchached again
  • mysqlperformanceblog.com looks worth following
Anyway, they had a couple of copies of their book, PHP and MySQL Web Development (3rd ed.), to give away. I asked a couple of questions during the talk, so I scored a free book. Woo-hoo!

The afternoon session was "How To Be a Better Programmer" by Michael Schwern. I've been to Michael's talks before, and he's a bit different (and opinionated). He appeared to have three non-OSCON groupies today, which was a little odd. The first half of his talk turned out to be mostly about soft skills (like getting along with people). While those are certainly useful and important skills, I guess it's not really what I was looking for. Oh, well.

It picked up a bit after the break, and Michael talked about things like version control (specifically SVN and SVK) and unit testing.

A couple of the more interesting (to me) points from Michael's talk:
  • he suggested learning a radically different programming language, and then bringing that language's best features back to your 'native' language
  • hiveminder.com looks interesting for task management
Then there was the evening event.

Seems like Tuesday night is typically a fairly well-organized affair, with several speakers and a pretty interesting program. This year, not so much. Instead of setting up the ballroom with chairs lined up seminar-style (as in years previous), the chairs were arranged around lots of tables, and we were made to go from table to table meeting people. Like speed dating.

There was a musical guest who, to his credit, sang and played guitar fairly well. But he sang about man pages. Yes, man pages. It was supposed to be funny, but no one was really laughing.

There was the annual open source award ceremony, in which PJ of Groklaw (who, disappointingly, was not present) and Paul Vixie (of BIND and cron fame) received some well-deserved recognition. But lots of people were talking, rather than paying attention, so it was difficult to hear the people on stage.

And there were no other speakers. So the evening event was pretty lame. I left early. At least they served booze, which took the edge off, a bit.

23 July 2007

OSCON 2007: Monday

Monday and Tuesday of OSCON are made up of tutorials during the daytime (there are also some evening events). A tutorial is an in-depth presentation of a specific topic, and it lasts 3-to-4 hours.

This morning I went to "Advanced Vim Scripting", for which the speaker was Steve Oualline (it was originally going to be Damian Conway, but they changed speakers a couple of weeks ago--dunno why). It was a good talk. I'm sort of new to vim (I've used joe for about ten years). Here are a few lines I've added to my .vimrc file today, as a result of the tutorial:

iab #p #/usr/bin/perl -w
iab teh the
map \1 :s/^/#/<CR>
map \2 :s/^#//<CR>
map \3 :%!perltidy<CR>
map \4 G:r!svn diff<CR>:sp<CR>gg<C-W><C-W>gg

The first two lines define a couple of abbreviations: if I type #p, it'll be replaced by #/usr/bin/perl -w. And I think I probably misspell the more often that I spell it correctly, so the second one will probably help a lot.

The first three map items allow me to do some tricks I've previously talked about doing in joe. The first two comment or uncomment a region (determined in visual mode), and the third runs perltidy on the whole file. The fourth is useful if you have vim in your VISUAL or SVNEDITOR envariables. When you type svn commit, svn opens vim so that you can record a commit message. If you type \4, the macro sends inserts the output of svn diff at the end of the file, splits the screen, sends each half to the top of the file, and leaves the cursor in the lower half. So you're ready to page down in the lower half to review the changes while recording the commit message in the upper half.

The afternoon tutorial was "Linux Performance Monitoring" with Darren Hoch. This was very interesting to me, as it covered lots of diagnostic techniques for troubleshooting server performance problems. Darren covered vmstat, iostat, mpstat, ps and a few other programs. He pointed out that it's a good idea to run these things when the system is quiet and when it's under load, and to archive this information. This gives good baseline data. In fact, I'm thinking about setting up some cron jobs to do this sort of thing on a regular basis, and maybe doing some trend analysis.

Darren also talked about iptraf, and this may be a good way to track the amount of traffic coming in and going out on various tcp and upd ports. I'd previously tried a very complicated process involving user-defined iptables chains and parsing the output of iptables -L -v. But I may be able to get comparable data by running iptraf for a few minutes at the top of every hour or something.

22 July 2007

2007 OSCON: hotel Internet fee

So I asked at OSCON registration about the hotel Internet fee. I talked to an incredibly hot woman with a nosering, and she said that, alas, it was no mistake.

She said that Portland had recently launched citywide wireless, but that the hotel was blocking it. Charming. Don't know if I need to complain to the hotel, the conference, or both, but I think someone probably needs a wee bit of wrath.

Well, my work (which is paying for this trip) will probably pay for the Internet fee, as I'll likely do some work this week. So I guess I'm still sticking it to 'the man', but I sort of feel like I'm sticking it to the wrong man. shrug

And I stopped by the Ubuntu Live party looking for the Linux Action Show guys, but didn't see them. Oh, well.

OSCON 2007: arrival

Left home this morning to fly to Portland, OR, for the 2007 OSCON. This is my fourth year to attend, and I always have a really good time at this conference.

So far, I'm a little disappointed in the hotel (the Doubletree). In past years, they've waived the $10/day in-room Internet fee, but they say they're not doing that this year. I'm hoping that's a mistake. I'll ask about it when I go check in at the conference in about an hour.

The guys from the Linux Action Show are having a get-together tonight (they're here for Ubuntu Live), and I was planning to join them. Unfortunately, they've picked a place which looks a bit too far to walk (I didn't bother renting a car), so I don't know if I'll do that or not. Looks like they'll be at the Fun, Food, and Drink event, so maybe I'll try crashing that.

21 July 2007

GNU screen w/ ssh-agent

I maintain a lot of Linux servers, and I find it useful to keep an ssh session open to each one. But I don't want a terminal window open for each server, so GNU screen has been really helpful to me. I've used screen for years and I thought I knew most of its features, but I recently saw a post on polishlinux.org which has some really neat screen tricks which were new to me.

One screen trick I've used a lot in the past is to run screen inside of an ssh-agent session, with each screen window being an ssh session to one of my servers. So if I generate a password-protected ssh key and share it to all my servers, I can do the following:

$ screen -S wrapper -c .screenrc_escP
$ ssh-agent /bin/bash
$ ssh-add # supply ssh key password
$ screen -S ssh

The first call to screen sets up a 'wrapper' session, so that the ssh-agent will work for adding new windows to the inner screen session, even if I re-attach from another terminal. The .screenrc_escP configuration file contains escape ^Pp so that the two nested screen sessions have different escape sequences.

Then within the inner screen session, I can ssh to my servers without passwords (because I've already given the ssh key password).

The tedious part of doing this was manually opening all those ssh sessions and naming the screen windows. But now (thanks to the polishlinux.org post) I see that I can save something like the following to a file called .screenrc_ssh:

screen -t host1 ssh host1
screen -t host2 ssh host2
screen -t host3 ssh host3
screen -t host4 ssh host4

And then I can instead do this:

$ screen -S wrapper -c .screenrc_escP
$ ssh-agent /bin/bash
$ ssh-add # supply ssh key password
$ screen -S ssh -c .screenrc_ssh

And all my ssh sessions open like magic.

Another interesting part of the polishlinux.org post is the discussion of regions. This feature lets you split a screen window into regions. I've done this several times by accident, and I always just found it annoying, because I'd have to look in the man page to see how to close a region. I never knew how to use the feature. But you could have an ssh session to two servers in the two regions of the same window--allowing you to run some long-running process on one server and keep an eye on it while you're working on another server in the other region.

Screen rocks.

19 July 2007

xscreensaver in CentOS 5

xscreensaver landed in the CentOS 5 'extras' repository a couple of days ago (I'd previously bemoaned the absence of xscreensaver in CentOS 5).

Nuclear materials for the asking

The New York Times is reporting that the General Accounting Office (GAO) set up a fake construction company and requested a license from the Nuclear Regulatory Commission (NRC) to purchase nuclear materials. The GAO did this in order to audit the NRC's security protocols. The fake GAO company had no physical location, no Web site, no clients, no construction equipment, and no personnel--just a mailbox.

The NRC quite promptly (less than a month) sent the fake company the requested license. In fact, the GAO was able to alter the document so as to be able to purchase more nuclear material than the original license allowed. The GAO was then able to acquire enough americium-241 and cesium-137 (substances which are legitimately purchased by construction companies) to have been able to construct a dirty bomb (the GAO called off the order prior to delivery and never actually constructed a bomb).

So, next time you think the NRC's got your back, think again.

18 July 2007

gpg-based password wallet

I've been using the following script for a while to store passwords in an encrypted file. As you can see from the comments, it's based on a script from a linux.com article, but I've added several features which make it more agreeable to me. To use, save it as an executable file somewhere in your path (I've saved it as ~/bin/wallet).

You'll need to specify the location of the encrypted wallet file. You can do that in one of three ways:
  1. with the PASSWD_LIST environment variable
  2. having something like 'PASSWD_LIST=/path/to/wallet.gpg' in ~/.walletrc
  3. on the command line: wallet -c /path/to/wallet.gpg

Then just type wallet to view your password wallet in less, or type wallet -e to edit your wallet (set your VISUAL environment variable to your favorite editor, or wallet will default to vi).

And here's the script...


# alteration of script described at
# http://www.linux.com/article.pl?sid=07/03/06/1640216
# changes from original:
# 1. use of VISUAL envariable for editor
# 2. storage of password in variable, rather than file
# 3. view-only mode (rather than always opening in text editor)
# 4. symmetric encryption
# 5. saving backup copy of encrypted password file prior to editing
# 6. creates password wallet if it doesn't exist
# 7. encrypted file can be specified by -c option, by PASSWD_LIST
# envariable, or in ~/.walletrc

if [ -f ~/.walletrc ]; then
. ~/.walletrc

if [ -z ${VISUAL} ]; then

while getopts 'ec:' OPTION
case $OPTION in
?) printf "usage: %s [ -e ] [ -c encrypted file ]\n" $( basename $0 ) >&2
exit 2
shift $(($OPTIND - 1))

if [ -z "${PASSWD_LIST}" ]; then
echo "need the encrypted file specified by PASSWD_LIST (in ~/.walletrc"
echo "or the envariable) or with the -c option"
exit 2

if [ ! -f $PASSWD_LIST ]; then
echo "$PASSWD_LIST doesn't exist--attempting to create..."
echo "(you'll need to give gpg a master password in a moment)"
mkdir -p $( dirname ${PASSWD_LIST} )
TEMPFILE=$( mktemp /tmp/wallet.XXXXXX )
gpg -c -o ${PASSWD_LIST} ${TEMPFILE}
rm -f ${TEMPFILE}

# prompt the user for the password
PASSWORD=$( dialog --stdout --backtitle "Password Locker" \
--title "Master Password" --clear --passwordbox \
"Enter the Password Locker master password." 10 51 )

case $RETVAL in
echo "Authentication Required!"
exit 1;;
echo "Authentication Required!"
exit 1;;

# if we're not editing the file, just display it and quit
if [ $EDIT_PWFILE -eq 0 ]; then
echo $PASSWORD | gpg --decrypt --passphrase-fd 0 $PASSWD_LIST | less

TMPDIR=$( mktemp -d /tmp/wallet.XXXXXX )
chmod 700 ${TMPDIR}
# decrypt the password list
echo $PASSWORD | gpg -o $PASSWD_LIST_UNENCRYPTED --passphrase-fd 0 \
$PASSWD_LIST &> /dev/null

# if decryption succeeded, open the password list in the editor
# and then re-encrypt it after the editor closes
case $RETVAL in
echo $PASSWORD | gpg -c -o $PASSWD_LIST --passphrase-fd 0 \
if [ $CRYPT_RETVAL -eq 0 ]; then
rm -rf ${TMPDIR}
echo -n "gpg failed to encrypt your password file! "
echo "Please fix the problem manually!"
echo "unencrypted file at $PASSWD_LIST_UNENCRYPTED"
exit 1
echo "error condition detected (invalid password?)"
rm -rf ${TMPDIR}
exit 1;;

17 July 2007

No more oil: try jatropha and miscanthus

A recent post on the Neutral Existence blog reports that the International Energy Agency says we'll run into serious oil supply problems in only five years. The post says that there will be a significantly increased demand from the booming industrialization of India and China, and that it's becoming increasingly critical to find alternatives to oil.

Along those lines, the Energy Blog had posts for a couple of exotic-sounding alternative fuel possibilities that I hadn't read about before. One is a cellulosic ethanol energy crop called miscanthus, whose output exceeds that of switchgrass:
In the 2004 trials, miscanthus out-performed switchgrass by more than double and in the 2005 trials more than triple.
(Don't know if that means the amount of crop produced, or the amount of energy produced.) And the other is jatropha, a biodiesel crop which grows well in undeveloped land:
Although not suitable for temperate climates, jatropha promises to be less expensive and less competitive for land than food based oil seeds that are used as feedstock for biodiesel.

16 July 2007

Correspondent Inference Theory

Bruce Schneier has an interesting post about correspondent inference theory (the post discusses a recent paper which applies correspondent inference theory to terrorism). Schneier describes correspondent inference theory as the following:

People tend to infer the motives -- and also the disposition -- of someone who performs an action based on the effects of his actions, and not on external or situational factors.

This is relevant to terrorism in the context of the assertion that terrorism is typically not very successful at helping terrorists attain their goals, because victims tend to assume that the terrorists' goal is to hurt them, rather than effecting some political change.

For example, many people probably believe that the 9/11 attacks were carried out because Al-Qaeda wants to destroy the Americal way of life. But the way I understand it, bin Laden's feelings toward America go back to the early 1990s, when Saudi Arabia allowed Western military forces to be stationed in Saudi Arabia, the home of Islam's two holiest cities, Mecca and Medina. The Schneier post lists four other motivations behind bin Laden's actions. Bin Laden doesn't necessarily want to kill Americans for the sake of killing Americans, but rather to change America's Middle Eastern policy. But many people (understandably) have trouble seeing further than Ground Zero, the Pentagon, and a field in Pennsylvania.

This brings me to a very interesting book I recently read: Religious Literacy by Stephen Prothero. The book details how little the typical American knows about Christianity, let alone the world's other major religions. I learned about this book when the author was interviewed on Comedy Central's The Daily Show. Prothero told an anecdote about a government official (someone influential in U.S. foreign policy) who was unable to correctly answer the question "Is Al-Qaeda a Shi'a or Sunni organization?" Prothero's book makes a pretty convincing argument that university and/or high school curriculum programs should include mandatory courses in basic religious literacy, and that understanding religion helps us to be better citizens, better able to make decisions. If you disagree with that thesis, ask yourself a few questions. Do you know what the terms Sunni and Shi'a mean? Do you know why Mecca and Medina are holy to Muslims? Can you name the world's five major religions? To what story was George W. Bush referring when he mentioned the Jericho Road in his inaugural address?

15 July 2007

Google Earth finds new Chinese submarine

I thought this was pretty cool. If you download and install Google Earth (there's now even a version for Linux), you can see China's new Jin-class ballistic missile submarine. The coordinates are 38°49'4.40"N, 121°29'39.82"E.

14 July 2007

PHP4 end of life

I maintain a lot of legacy PHP code on some CentOS 4 servers, and CentOS 4 comes with PHP4 (I only recently became aware of the PHP5 packages in the centosplus repository). I've long resisted trying to move to PHP5 due to (probably overblown) fears of broken code.

PHP recently announced the PHP4 end of life at the end of 2007 (with some security updates through 8 August 2008). So it looks like I've just about run out of excuses.

Makes me wonder what Red Hat will do about their RHEL3 and RHEL4 distributions.

11 July 2007

Screw the iPhone

I'm so sick of hearing about the iPhone. For those of you who have an iPhone, congratulations. And for those of you who've had service or hardware problems, condolences. And for members of the press who can't seem to talk about anything else, you suck.

It's an expensive phone. So go call your accountant. Or get a real hobby. Or something.

Looks like someone's already pwned the damn thing, anyway (yes, that's right, pwned).

10 July 2007

Photos from Antarctica

Some photos (not mine) from Antarctica hit digg.com yesterday. The post says it's a flash-frozen tsunami. Lame, but the pictures are very cool.

09 July 2007

the end of sysadmin

I've been a subscriber of Sys Admin for several years. So I was surprised and disappointed to read this in the 'syslog' (letter from the editor) of the newest issue:
This is the last issue of Sys Admin magazine that you will receive. The magazine is ceasing publication as of this issue.
No warning, no fanfare, they're just done.

There's nothing else anywhere in the issue to indicate the end of the run, and I don't see anything on the Web site, either. Must have been a very abrupt decision.

Sys Admin appears to have been part of CMP media, which owns several other Web sites and publications. I wonder if they'll send me a few issues of something else to finish out my current subscription.

08 July 2007

new 7 wonders

A new seven wonders of the world have been selected. There's a pretty good wikipedia page with pictures and links for the 21 finalists. Apparently the voting is somewhat suspect, and it seems that Egypt was pretty annoyed by the whole thing (the pyramids of Giza are the only surviving monuments from the original seven wonders, and Egyptian officials didn't think the pyrimids needed to compete again).

And here's the wikipedia page for the ('original') seven wonders of the ancient world. Looks like earthquakes are pretty rough on these things.

07 July 2007

Cosmologically illogical

I don't get into astronomy much any more, but I thought this Ars Technica article was pretty interesting. The article talks about a paper to be published in the journal General Relativity and Gravitation. The paper claims that in 100 billion years the universe's cosmological evidence will have disappeared. The cosmic microwave background will be buried in interstellar plasma, and light from other galaxies will have been redshifted (from Hubble expansion) too much to be detectable.

Reminds me of that Simpsons episode: "Let's burn down the observatory so that this can never happen again!" (If I only had a dime for every time I've thought those very words.)

06 July 2007

July 4 sunset

Spent July 4th with friends and took some photos of the sunset. I especially liked this one (I fiddled with the colors a bit):

sunset 20070704, after fiddling a bit with colors

05 July 2007


You can't swing a dead cat over your head lately without hitting a blog post which mentions version 3 of the GNU Public License (an appropriately cynical reader would correctly point out that this would require swinging a dead cat at a fairly narrowly-focused RSS reader). I don't really know a lot about the GPL, but here are a couple of resources which look useful:
  1. a post on Luis Villa's blog (some poor bastard in law school)
  2. the GPL FAQ on the GNU Web site
  3. a critical view of GPLv3
  4. speculation about Microsoft's reaction

04 July 2007

e-voting source code disclosures

Efforts by Microsoft and a few vendors of e-voting technology recently failed to amend New York state legislation in a way that would have weakened source code escrow provisions.

New York state passed legislation in 2005 requiring that e-voting software source code be placed in escrow for examination. Microsoft (whose Windows operating system is used by some e-voting products) lobbied to amend that legislation. This amendment would have exempted code not specifically designed for voting technology. I suppose this would have made it easier for Microsoft and the e-voting vendors to claim that most or all of their code is to generalized to be considered voting-specific, and would therefor be exempt from examination.

California has similar source code disclosure provisions regarding e-voting technology. One e-voting vendor (Election Systems & Software) had been holding out for months, but recently (and grudgingly) turned over their source code to the California Secretary of State.

Looks like event Presidential candidate John Edwards is getting into the act.

03 July 2007

Restrictions on photography in NYC

The New York City Mayor's office is considering new rules which would require a person to obtain a permit and an insurance policy as a prerequisite to certain kinds of public photography in NYC.

The rule would apply to two or more people taking pictures in one location for more that 30 minutes, and also to someone using a tripod for more that ten minutes (that timeframe includes setting up and dismantling the tripod).

So what about someone taking pictures at the Macy's Thanksgiving Day Parade? That's more than a half-hour, and typically more than one person.

The Mayor's office says that this is not intended to affect tourists and amateur photographers. In fact, the article doesn't say what these rules are intended to accomplish (the article says that the rules are coming from the Mayor’s Office of Film, Theater and Broadcasting). But I imagine that city officials will try to justify this as an improvement in city security, based on stories of terrorists taking pictures of their intended targets for planning purposes.

Bruce Schneier talks about this kind of thing a lot in his blog. He calls it security theater: doing something which has the appearance of improving security but which actually doesn't accomplish anything except inconvenience the innocent (like having someone make a cursory visual inspection of your car's trunk when you enter an airport--they're paid a wage not to look through your suitcases, just to look at your suitcases).

Refuse to be terrorized.

02 July 2007

Dallas World Acquarium

Friends and I went to Dallas recently to see The Police in concert (great show). We also checked out the Dallas World Acquarium. I took several pictures, most of which didn't come out very well. But here are a couple of pretty good ones.

This first one may be hard to understand out of context. There's a large pool with rays and a shark, and there's a plexiglass tunnel along the floor of this pool. You can walk through the tunnel and see the shark and rays (although the distortion is pretty bad). You can also (from an upper level) look down into the pool and see the tunnel. This picture is looking down into the pool while the shark is swimming over the tunnel:

shark swimming over tunnel

And here's a penguin, because penguins are awesome:

penguin having a nap

The DWA also has a black jaguar. Beautiful animal. So if you've got a couple of hours to kill in Dallas, hit the DWA.

30 June 2007

CentOS 5 follow-up II

I was able to build gtkpod on CentOS 5 today. Wasn't all that hard, really. Leave a comment if you'd like the SRPM. (For some context, you may want to see my previous posts on gtkpod and CentOS 5.)

And yesterday when I ran yum, I found out why there's no xpdf in CentOS 5: it's been obsoleted by a package called poppler-utils. poppler is an xpdf fork, and the poppler-utils package includes the extra utilities like pdftotext and pdfimages. Apparently evince uses the poppler libraries. And if you prefer xpdf to evince (like I do), just compile xpdf (using the --with-freetype2-includes=/usr/include/freetype2 option to 'configure') and copy it into your path.

stupid bash tricks

Saw this on digg or something last week (and a friend also sent it to me via del.icio.us):

10 Linux Shell Tricks You Don’t Already Know. Really, we swear

I usually don't find these posts very useful, but this one had a couple of nice surprises. I'd never heard of ssh-copy-id, but it sure looks a lot easier than adding pubkeys manually. And the trick of recovering from an NFS mount gone haywire might work for a Samba mount (that happened to me the other day).

29 June 2007

Recent energy-related developments

The San Francisco Chronicle has an article about how the idiots we elected to Congress are bickering about energy standards. Sometimes I'm amazed Congress ever gets anything done at all.

In happier news, the Energy Blog has a post about a new CO2 sequestration technique developed by Global Research Technologies (GRT). CO2 sequestration is the process of putting CO2 into storage (typically underground), instead of releasing it into the atmosphere: for example, future coal-burning power plants would point their smokestacks down, rather than up (that is a gross oversimplification).

But this GRT technique is a little different: instead of grabbing CO2 as it is produced (which I suppose can only level off greenhouse gas emissions), this method would be able to pull CO2 out of thin air (which could potentially reduce atmospheric greenhouse gases).

There is mention of the GRT technique on the wikipedia page for the Virgin Earth Challenge, Richard Branson's $25 million prize for atmospheric scrubbing of greenhouse gases.

28 June 2007

The customer is always right

A fun post found its way to the digg homepage the other day. Although it was written by a Web designer, it's a pretty accurate indictment of the sort of thing I put up with, too:

If Architects Had To Work Like Web Designers

In a similar vein, StumbleUpon (installed it a few days ago--pretty cool) gave me this little bit of wisdom:


27 June 2007


ONLamp has a pretty good article about the differences between ODF and OOXML. ODF (Open Document Format) and OOXML (Office Open XML) are both XML-based file formats which can be used to store word-processing documents, spreadsheets, etc. There is fierce competition for adoption between these two formats, notably in the arena of long-term government document storage. This competition is controversial for a number of reasons, including the fact that OOXML is a Microsoft product.

A google search for 'OOXML "men in black"' turns up quite a few hits regarding allegations of Microsoft lobbyists and lawyers trying to sway state legistatures (like Florida) toward OOXML.

26 June 2007

Microsoft Protection Rackets

There's an interesting linuxtoday.com article about some of the recent patent indemnification deals Microsoft has signed (Novell, Xandros, Linspire, and LG). Actually, it's more about the companies who've gone on record saying they'll have no part of it (Red Hat, Canonical [Ubuntu], and Mandriva).

25 June 2007


On a recent episode (#51) of The Linux Action Show (a weekly podcast about Linux), one of the hosts (Chris) was responding to a listener question about editing ID3 tags (that's the metadata attached to media files, like MP3 and OGG files).

This is interesting to me, because I've had sort of mixed results in editing ID3 tags (I've yammered about this before). I've tried the ID3-editing feature in gtkpod, but it consistently crashes gtkpod (ick). So I've been using the command-line utilities from id3lib. That works, but it's a command-line interface, and it's typically a file-at-a-time kind of thing.

Chris suggested easytag, and it's really cool. It's a graphical interface, and it makes it easy to edit the ID3 tags of multiple media files. There are RPMs for CentOS (v4 and v5) on the extras site. Good stuff. Thanks, Chris.

24 June 2007

Shoutout to PJ

In support of PJ, I'm including the following inaccurate statements from a TechNewsWorld article by Kimberly Hill. Perhaps this will draw a few search engine hits. If you are reading this, please read PJ's side of the story, in which she (PJ) makes it clear that she had no part in the OSRM study about patents supposedly infringed by Linux: this is in direct contradiction to comments made by Laura Didio of the Yankee Group.

Here are some of the statements PJ refutes:

Back in 2004, said DiDio, then-fledging insurance firm Open Source Risk Management commissioned a study to determine just how many patients Linux may infringe upon. At that time, the number was pinned at 280 or so, most of them owned by IBM (NYSE: IBM) Latest News about IBM, with about 30 held by Microsoft.

The now-infamous study was performed by Pamela Jones of Groklaw, and its methods and conflicts have seen much comment since then. Still, DiDio asserted, the open source community itself was the first to raise the issue of how much Linux actually overlapped, in terms of intellectual property, with proprietary software.

23 June 2007

zap2it closing

In December I bemoaned the revolting changes to yahoo's TV listings, and I switched to zap2it. Well, the other day I read that zap2it will be discontinuing its free TV listings on 1 September.

So it was looking like I'd have to find another source of online TV listings. But I just had a pleasant surprise. It looks like yahoo actually listened to (at least some of) the negative feedback from late last year, and their online TV listings don't suck nearly as much as the last time I wrote about them. At the time, I had three major gripes about the changes to yahoo TV:
  1. painfully slow incremental loading--it doesn't do that any more
  2. really annoying 3-hour browsing blocks--they're back to 1-hour increments (and they fixed the problem of not being able to see listings of shows starting prior to the current block)
  3. amnesia about my display preferences: I signed in, set my preferences, signed out, deleted my cookies, signed back in, and it remembered to show just my favorite channels.
So, screw you, zap2it. And yahoo, you get another chance.