lightning talks update

Well, we have enough lightning talks now to fill the space without anyone having to speak for more than ten minutes.

I know I said you have until the 15th to make proposals, but I sorta forgot that I have to come up with something resembling a paper for this, which will probably be a list of the talks that will be given. And it's due on the 6th. So if you have been thinking about proposing a lightning talk, I suggest at least emailing me soon even if you're not ready to add it to the wiki page yet, so that I can pencil it into the schedule.

I've marked the talks that I am currently planning on accepting as "accepted" on the wiki, but this is still tentative until the 15th.

Posted
daylight savings crime

(Hmm, it's time for my bi-yearly DST rant. Here goes.)

One of the many lame excuses given for daylight savings time is that it cuts down on crime, since more crime occurs after dark. This might be true of violent crime, since fewer people will be out after dark, but what about other crimes? It's interesting to think about ways that criminals could exploit possible confusion, broken data-keeping, etc around the discontinuity caused by daylight saving time changes.

Q: Where were you on the night of October 30th 2005 between 1 and 2 am?
A: Well, I was at this bar with my friends that whole hour, I have an alibi.

Ok, that's a bit easy to catch (although there's a real life story of a similar trick being used to avoid manslaughter charges), but what about more subtle cheats? All-night workers last night could pretty easily cheat their employer out of an hour's pay, for 2 am to 3 am. Conversely, if they're not careful, their employer might cheat them next fall. The only people I've ever heard discuss this are all-night radio jockeys, but those guys love to hear themselves talk enough that an extra hour to do it in is not a problem to them. I'll bet that a fry cook would rather get some extra sleep.

But this is still small, er, potatoes. For really nice exploits you have to take advantage of explicit failures of technology. One such failure is in the way Windows manages daylight savings changes. Unlike Unix, which elegantly flips between two time zones, such as EST and EDT, but still keeps counting each second from Jan 1st 1970, Windows actually changes the clock.

Despite a brainwashed nation that has been taught that moving the hands back or forward is the right thing to do, in the world of computers, it's bloody stupid. A google for "daylight savings windows bug" turns up a million or so hits caused by this behavior, describing problems like this:

Windows reports erroneous file modification times, which change according to daylight savings.

And this:

When Windows NT automatically adjusts for daylight savings time, the times on files on Windows NT file system (NTFS) partitions and the events in the event logs are retroactively shifted by one hour, even though the files and event records were created before the daylight savings time change.

Now, I think there's all kinds of potential for criminal fun in file modification timestamps being wrong, and log files having inaccurate times. Throw in the odd backup that fails to run due to being scheduled to run at a time that never exists, and the time slip begins to seem like an ideal time for shady activities. (And a very poor time to be in a hospital hooked up to windows-controlled life-support equipment. Double-dose of morphine, anyone?)

True story: A year ago I was at a fancy hotel, which was burglarised. This hotel had electronic locks on the doors, which logged when the doors were opened, and by whom. The techies whose possessions were stolen were able to use this information, plus what they knew about when the theft must have occurred, to narrow down the suspects to one or two hotel employees who opened the door at the right time. If those logs went to a machine running windows and the theft occurred during England's change to DST, it's quite possible the logs would have been useless.
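An added example (not from the original post) of why a log that records only local wall-clock time loses its evidentiary value across the fall-back hour, and why a backup scheduled in the spring-forward hour never runs. The US Eastern transition days for 2005 are hard-coded here rather than read from system tzdata, and the door-lock log is constructed; both are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from itertools import product

# US Eastern offsets; transition days hard-coded for 2005 (the post's 30 Oct 2005 date).
EST = timezone(timedelta(hours=-5), "EST")
EDT = timezone(timedelta(hours=-4), "EDT")
SPRING_FORWARD_DAY = datetime(2005, 4, 3).date()   # 02:00 EST jumped to 03:00 EDT
FALL_BACK_DAY = datetime(2005, 10, 30).date()      # 02:00 EDT fell back to 01:00 EST

def instants_for(wall_clock: str) -> list:
    """Every epoch second a local 'YYYY-MM-DD HH:MM' timestamp could denote."""
    naive = datetime.strptime(wall_clock, "%Y-%m-%d %H:%M")
    day, hour = naive.date(), naive.hour
    if day == FALL_BACK_DAY and hour == 1:          # hour lived twice: first EDT, then EST
        return [int(naive.replace(tzinfo=EDT).timestamp()),
                int(naive.replace(tzinfo=EST).timestamp())]
    if day == SPRING_FORWARD_DAY and hour == 2:     # hour that never happens
        return []
    in_dst = (SPRING_FORWARD_DAY < day < FALL_BACK_DAY
              or (day == SPRING_FORWARD_DAY and hour >= 3)
              or (day == FALL_BACK_DAY and hour < 1))
    return [int(naive.replace(tzinfo=EDT if in_dst else EST).timestamp())]

# Constructed door-lock log recording local wall-clock time only, spanning the
# repeated 01:00-02:00 hour (a Unix-style epoch log would not be ambiguous).
LOCAL_LOG = [
    "2005-10-30 01:15 door=204 badge=ALPHA",
    "2005-10-30 01:45 door=204 badge=BRAVO",
    "2005-10-30 01:20 door=204 badge=CHARLIE",
]

def possible_orders(log_lines) -> set:
    """All chronological orders of the entries consistent with their local
    timestamps, as tuples of line indices, earliest first."""
    candidates = [instants_for(line[:16]) for line in log_lines]
    orders = set()
    for choice in product(*candidates):
        orders.add(tuple(sorted(range(len(choice)), key=choice.__getitem__)))
    return orders
```

For the three constructed entries the local log admits five different event orders, so it cannot say who opened the door first.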

It's not too far from this kind of scenario to something suitable as an entry in Schneier's movie-plot terrorist threats contest. Although it's worth noting that the airline industry deals with timezone changes all the time, so if they have any sense, the DST change is not an exceptional event for them. One of the interesting things about plane travel to me is the way a plane in flight between timezones is a space in which no defined time zone exists. But I digress..

I suspect that the real source of fertile bugs related to DST is in the interstices between operating systems where programs have to deal with the peculiarities of multiple OSes to behave correctly. Such as this unison/linux/windows bug. Put different systems together and they fail in myriad ways, and there's room in the cracks for criminal activity.

Thing is, I don't have a very good criminal mind, at all, so if any of the slightly weak approaches I've detailed above is feasible, it seems to me there must be some terrific scams, techniques, etc, that people who are good at thinking that way, and have the right motivation, can use.

Posted
libacpi

Hmm, is there still no good general-purpose C library for pulling info out of /proc/acpi easily? I'd have thought we'd have one by now, but currently the closest thing I know of is my own acpi.c not-quite-a-library. Seems weird that there's a libapm, but no libacpi when the acpi info in /proc is so much harder to parse than /proc/apm (especially if you want to be somewhat efficient about doing so).

My acpi.c kinda wants to turn into libacpi, but I kinda don't want it to.

(Maybe something like HAL is how we're supposed to deal with this stuff these days?)


Posted
30

Well, this will be one birthday I'm sure to remember. After all the rigors of transatlantic flight I arrived in Madrid just as my clock rolled over, spent a scarce hour and a half trying to finally get some sleep and then out into the evening to see the city. I had less than a day in Madrid, but I feel I've met my tourism quota walking thru the park and all around downtown: Fountains, drums, monuments, boats in the lake, famous streets, robot dancers and the jugglers in the square, strange cricket-sound balls.

Amaya's hospitality is a force to be reckoned with (as are her cats), and there's a great group of debianistas here. Dinner ran late into the night, and I was lucid for most of it despite lack of sleep, and thanks to their brilliant jet lag management, woke up bright and early for the next leg of the trip. In the bus to Extremadura now.

Posted
a random thought

If you base any opinion about something in Debian on the presence of a cabal, your conclusion will be fundamentally incorrect.

Posted
peahens

There are some peahens in a pen in the little park by the university here in Jarandilla. Why sit in the sun at home and watch a peahen when I can do the same in Spain eh? Oh well, back to work..

Posted
debian nslu2 improvements

Here at Extremadura I've been using tbm's serial-console equipped nslu2 to improve Debian's nslu2 support. I've just uploaded version 0.10+r58-2 of nslu2-utils, which among other things supports generating usable initramfs images, and flashing the debian kernel and initramfs to the slug when the kernel package is upgraded.

Once integrated into debian-installer, this will improve the installation procedure described here, avoiding the need for the second upslug2 run.

Posted
going to debconf

Well, I finally bought my plane tickets for DebConf6, I'll be there from May 11th-23rd. Yeah, I put this off a bit too late, prices are still reasonable to Mexico from the US though.

Posted
ugh, mailman

Just wasted 3 hours fighting with my mailman installation, which had, unnoticed to me, stopped processing any mail two weeks ago. It seemed to be getting completely stuck on some messages in the outgoing mail queue -- strace and ltrace showed it was in some kind of tight loop processing their contents. So I solved that by removing some 900 of the 1000 queued messages (the ones that were messages about bounces, held messages, and spam), then it processed the rest of the actual important messages quite quickly.

I think I've had enough of mailman. The web user interface is great for letting nontechnical users admin their own mailing lists, but every time the package upgrades I seem to have to manually delete cruft out of the queue; the spamassassin integration sucks, it doesn't allow configuring it on a per-list basis; its mail archiving is sucky, especially its attachment handling; it seems to shunt random messages constantly for no apparent reason; mailing list admin is unending drudgery of processing mails that it thinks are spam; this is at least the third time in the past year that it's just died for no apparent reason; and in general it seems to be designed with the idea that there will be a human constantly in the loop babysitting things. Oh and it still defaults to sending stupid monthly password reminders in cleartext.

Guess I should try Enemies of Carlotta or something, ezmlm used to work fine w/o handholding back when I used qmail.

Posted
re: automating debconf setup

Steve:

joey@dragon:~>sudo debconf-get-selections |grep debconf/
debconf debconf/priority        select  high
debconf debconf/frontend        select  Readline

debconf-get-selections is the tool you are looking for. If it doesn't seem to work, might I suggest a bug report or email, or at least some example of how it doesn't work rather than a vague, hard to reply to blog post about it? Argh.

Posted
ouch!

I've added a sigprogs page listing some of the signature programs I've written over the years. As I was researching that, I discovered pictures of one of my programs, a variant of the RSA in 3 lines of perl, that two people have gotten tattooed onto themselves.


#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

I remember sending that in, but until today I hadn't realised that my keystrokes had actually translated into needle sticks for two people, Youch!

(The history of why a few people did things like getting programs tattooed on their bodies as a form of political protest is pretty interesting, if you're not familiar with it, the basics are that this tiny 3 line program was considered a dangerous "munition" by the US government, and was thus illegal to export. Nowadays you just have to mail a copy to the CIA or someone before exporting it; OTOH I think my DVD decoder T-shirt is still illegal.)

Anyway, I wonder how to represent this achievement in my resume? "Munitions tattoo artist"?

Posted
check your bugs day

This weekend Debian has had a BSP focusing on fixing release critical bugs. As that wraps up, I suggest that everyone use today as a day to check over the bugs you've filed yourself.

Just go to http://bugs.debian.org/from:joeyh@debian.org, replacing my email address with yours. Some things to check:

  • Are there any bugs marked moreinfo? Make sure the maintainer has the info they've asked for and remove the tag.
  • Are there any bugs marked wontfix? Read over them, and if you agree with the maintainer that they shouldn't be fixed, close them.
  • Are there any bugs marked unreproducible? See if you can, and come up with a recipe the maintainer can use. Or if you can't, close it.
  • Are there any d-i installation reports? If so, read back over them and if that issue wouldn't be a problem installing today, close the bug.
  • Are there any bugs marked patch or pending for a long time? Follow up, ping the bug and make sure the maintainer hasn't forgotten to upload the fix.
  • Are there any bugs that have no excuse not to be fixed by now? Well, we are still in a BSP.... :-)

Even if you have reported a lot of bugs (I have 629 open :-( ), this should not take more than an hour, and is probably the absolute easiest way to close some bugs in the Debian BTS that there is.

Posted
html sanitisation

Now that I've finished adding email subscriptions to ikiwiki the only thing blocking me finally making an official release of it is html sanitization.

This is the part I've put off till last because it's the part I hate.

Somehow the web has evolved a backwards security model that wants sites with dynamic content to be responsible for policing that content for things that could cause security issues, instead of just making browsers actually secure so that no possible html can be a security issue. Which is of course absurd, but the various types of potential cross site scripting attacks that users of your wiki will be vulnerable to if it doesn't try to sanitise its html are nothing to laugh at.

So everyone is left having to sanitise any untrusted content that they put up on the web. In my experience, almost everyone does it poorly; I've even found XSS holes in well-designed websites like Advogato. It doesn't help that browser coders are busy adding new features^Wholes to their web browsers, which everyone then has to update their sanitisers to block.

I don't like participating in security arms races, so while I am evaluating various html sanitisers right now, adding html sanitisation to ikiwiki is not a pleasant idea, and I am tempted to punt on it, document the issue, and refer anyone experiencing problems to the authors of their web browsers.

Sigh.

Posted
finland

Finland

Lars

I think we all just want to get a chance to go back to Finland sometime. Maybe DebConf7? :-)

Posted
hail

Spectacular weather. Coming home the hill was the strangest color, new green spring leaves mixed with dim reddish light through the clouds. Now small hail, thunder, and the kind of rain that makes things feel like you suddenly drove into a tunnel.

Posted
half time

In other words, we could now produce our 1948 standard of living (measured in terms of marketed goods and services) in less than half the time it took in that year. We actually could have chosen the four-hour day. Or a working year of six months. Or, every worker in the United States could now be taking every other year off from work, with pay.

-- The Overworked American

In a way I've managed to make that choice. I currently work four hours a day on paid work; over the past 8 years that's been my average thanks to taking several years mostly off work.

Of course things are really more complicated, since I spend a lot (often more than four hours) of my leisure time on technical "work" that's just as demanding (if less stressful generally) though not done for money, and since there's a definite bleed over between what I'm working on on my time off now and what I'm likely to be paid for doing in a couple of years time.

The article suggests that we would need to cut our desired standard of living in half to work half time. While mine is probably lower than average, it's not that much lower, at least for this area; I have to make up the difference by being a more desirable employee than average, and part of how I do this is "banking" my contributions in my free time. This is an aspect of free software that many people don't seem to get, that your contributions can pile up over time and end up being personally beneficial later.

Of course health care is really problematic when working a reasonable amount of time, such as four hours, in America. You have to budget at least 3/4 of your health care costs to be paid yourself, not as a benefit. Working in Europe begins to seem really attractive, etc.

Posted
emacs

Amaya -- so sorry about Emacs.

I had two cats for a couple years, and lost Felix during a move back East. The saddest thing has been that Leo lost a brother to play with and had to become sort of a loner, and rely more on human companionship.

Last night Leo surprised me, I was idly swinging my headphones around and he began to play with them and we had a good old style tussle like we used to when he was a kitten, and I thought, hmm, I should probably get him some proper toys again, cats never really outgrow that even if they get to go outside and hunt small furry creatures and butterflies and annoy other cats. Wish his brother was still around..

Anyway, I think you should still take Vim to the beach sometime.


Posted
ikiwiki 1.0

About a month after I started writing my own wiki software, I'm ready for the 1.0 release of ikiwiki.

Posted