Ian Sullivan showed me an article that he read about eavesdropping on Internet telephony calls. I'm baffled at the obsession about this issue on two fronts. First, I am amazed that people want to hand their phone calls over to yet another proprietary vendor (aka Skype) using unpublished, undocumented non-standard protocols and who respects your privacy even less than the traditional PSTN vendors. Second, I don't understand why cryptography experts believe we need to develop complicated new technology to solve this problem in the medium term.
Reading
Today [18th June] is Download Day!
VS 
The third version of Firefox has been released today.
Firefox is synonymous with: security, stability and ease of use. If you want to try it out… it is only a small download and installing is a cinch.
If not, well that’s fine …
I was amazed to be involved in yet another discussion recently regarding the old debate about the scope of the GPL under copyright law. The debate itself isn't amazing — these debates have happened somewhere every six months, almost on cue, since around 1994 or so. What amazed me this time is that some people in the debate believed that the GPL proponents intend to sneakily pursue an increased scope for copyright law. Those who think that have completely misunderstood the fundamental idea behind the GPL.
I'm disturbed by the notion that some believe the goal of the GPL is to expand copyrightability and the inclusiveness of derivative works. It seems that so many forget (or maybe they never even knew) that copyleft was invented to hack copyright — to turn its typical applications to software inside out. The state of affairs that software is controlled by draconian copyright rules is a lamentable reality; copyleft is merely a tool that diffuses the proprietary copyright weaponry.
Sunday, Di, Emma, Chris and I went up and down the Syndicate Ridge. It was a fantastic workout for our legs and lovely mornings walk. Chris went all ‘Bush Tucker Man’ on us and distributed lots of odd berries which I nibbled, took …
When I started building our apt-mirror, I ran into a problem: the machine was throttled against ubuntu.com's servers, but I had completed much of the download (which took weeks to get multiple distributions). I really wanted to roll out the solution quickly, particularly because the service from the remote servers was worse than ever due to the throttling that the mirroring created. But, with the mirror incomplete, I couldn't so easily make available incomplete repositories.
The solution was to simply let apache redirect users on to the real servers if the mirror doesn't have the file. The first order of business for that is to rewrite and redirect URLs when files aren't found. This is a straightforward Apache configuration:
Working for a small non-profit, everyone has to wear lots of hats, and one that I have to wear from time to time (since no one else here can) is “sysadmin”. One of the perennial rules of system administration is: you can never give users enough bandwidth. The problem is, they eventually learn how fast your connection to the outside is, and then complain any time a download doesn't run at that speed. Of course, if you have a T1 or better, it's usually the other side that's the problem. So, I look to use our extra bandwidth during off hours to cache large pools of data that are often downloaded. With a organization full of Ubuntu machines, the Ubuntu repositories are an important target for caching.
Suppose you have a domain name, example.org, that has a primary MX host (mail.example.org) that does most of the delivery. However, one of the users, who works at example.com, actually gets delivery of <user@example.org> at work (from the primary MX for example.com, mail.example.com). Of course, a simple .forward or /etc/aliases entry would work, but this would pointlessly push email back and forth between the two mail servers — in some cases, up to three pointless passes before the final destination! That's particularly an issue in today's SPAM-laden world. Here's how to solve this waste of bandwidth using Postfix.
This tutorial here assumes you have a some reasonable background knowledge of Postfix MTA administration. If you don't, this might go a bit fast for you.
I thought the following might be of use to those of you who are still using Apache 2.0 with LDAP and wish to upgrade to 2.2. I found this basic information around online, but I had to search pretty hard for it. Perhaps presenting this in a more straightforward way might help the next searcher to find an answer more quickly. It's probably only of interest if you are using LDAP as your authentication system with an older Apache (e.g., 2.0) and have upgraded to 2.2 on an Ubuntu or Debian system (such as upgrading from dapper to gutsy.)
When running dapper on my intranet web server with Apache 2.0.55-4ubuntu2.2, I had something like this:
Many people don't realize that the GPLv3 process actually began long before the November 2005 announcement. For me and a few others, the GPLv3 process started much earlier. Also, in my view, it didn't actually end until this week, the FSF released the AGPLv3. Today, I'm particularly proud that stet was the first software released covered by the terms of that license.
In my previous post about Xen, I talked about how easy Xen is to configure and set up, particularly on Ubuntu and Debian. I'm still grateful that Xen remains easy; however, I've lately had a few Xen-related challenges that needed attention. In particular, I've needed to create some surprisingly messy solutions when using vif-route to route multiple IP numbers on the same network through the dom0 to a domU.
I tend to use vif-route rather than vif-bridge, as I like the control it gives me in the dom0. The dom0 becomes a very traditional packet-forwarding firewall that can decide whether or not to forward packets to each domU host. However, I recently found some deep weirdness in IP routing when I use this approach while needing multiple Ethernet interfaces on the domU. Here's an example:
Way back when User Mode Linux (UML) was the “only way” the Free Software world did anything like virtualization, I was already skeptical. Those of us who lived through the coming of age of Internet security — with a remote root exploit for every day of the week — became obsessed with the chroot and its ultimate limitations. Each possible upgrade to a better, more robust virtual environment was met with suspicion on the security front. I joined the many who doubted that you could truly secure a machine that offered disjoint services provisioned on the same physical machine. I've recently revisited this position. I won't say that Xen has completely changed my mind, but I am open-minded enough again to experiment.
Nearly all software developers know that software is covered by copyright. Many know that copyright covers the expression of an idea fixed in a medium (such as a series of bytes), and that the copyright rules govern the copying, modifying and distributing of the work. However, only a very few have considered the questions that arise when trying to determine if one work infringes the copyright of another.
Indeed, in the world of software freedom, copyright is seen as a system we have little choice but to tolerate. Many Free Software developers dislike the copyright system we have, so it is little surprise that developers want to spend minimal time thinking about it. Nevertheless, the copyright system is the foremost legal framework that governs software1, and we have to live within it for the moment.
I taught AP Computer Science at Walnut Hills High School in Cincinnati, OH during the 1998-1999 school year.
I taught this course because:
We went to the Curryfest last weekend which was pretty good. Of course we ended up spending most of the time with Emrys in the playpark with hundreds of kids.
I have just returned from a weekend at Station Creek with Ev. We hung out like …
I don't remember when it happened, but sometime in the past four years, the Makefiles for the kernel named Linux changed. I can't remember exactly, but I do recall sometime “recently” that the kernel build output stopped looking like what I remember from 1991, and started looking like this:
CC arch/i386/kernel/semaphore.o
CC arch/i386/kernel/signal.o
This is a heck of a lot easier to read, but there was something cool
about having make display the whole gcc
command lines, like this:
One of my biggest worries in using a laptop is that data can suddenly become available to anyone in the world if a laptop is lost or stolen. I was reminded of this during the mainstream media coverage1 of this issue last year.
There's the old security through obscurity perception of running GNU/Linux systems. Proponents of this theory argue that most thieves (or impromptu thieves, who find a lost laptop but decide not to return it to its owner) aren't likely to know how to use a GNU/Linux system, and will probably wipe the drive before selling it or using it. However, with the popularity of Free Software rising, this old standby (which never should have been a standby anyway, of course) doesn't even give an illusion of security anymore.
I needed to pick a small, inexpensive, 2.0-compliant USB hub for myself, and one for any of the users at my job who asked for one. I found one, the “CP Technologies Hi-Speed USB 2.0 Hub”, which is part number CP-UH-135. This worked great with GNU/Linux without any trouble (using Linux 2.6.10 as distributed by Ubuntu), at least at first.
A few days ago, I acquired a number of IBM xSeries servers — namely x206 and x226 systems — for my work at the The Software Freedom Law Center. We bought bare-metal, with just CPU and memory, with plans to install drives ourselves.
I did that for a few reasons. First, serial ATA (S-ATA or SATA) support under Linux has just become ready for prime time, and despite being a SCSI-die-hard for most of my life, I've given in that ATA's price/performance ratio can't really be beat, especially if you don't need hot swap or hardware RAID.
When I got the machines, which each came with one 80 GB S-ATA drive, I found them well constructed, including a very easy mounting system for hard drives. Drives have a blue plastic tray that looks like this (follow link of image for higher resolution shot).
Well, sugar crazy-kid-day is done. Been a bit slack with the blog, working too much of late, no excuse. I made a post-box yesterday with Oscar the Grouch on it, rather confusingly, he is saying, ‘No Junk’. I really need to think things through before …
Hmmm… sorry been rather busy lately. I’ve added a couple of photos of the Em and Choppy. Evan bottle fed Emrys today because Cheri had to go to the dentist. He was dead chuffed and seemed to be much better at it than me.
Tomorrow we are going to …
Dang! Yellow is ugly, I’l have to change the colour again. ‘scuse me while I go upstairs to get another glass of wine…
Aaaaagh!! this keyboard is wobbling, Evan is watching a disney (aka satan) movie called, “dinosaur” very loudly. Emrys is sleeping on my arm hence the one …
Emrys Tsambikos Tyler Joy
We have decided to include the name Tsambikos in Emrys’ name!! I might explain why later…
Oh and just in (on Charlies’ request), here is a snap of me with my new little boy (Unfortunately I’ve lost this photo)
I’m off to bed now …
Hmm before I forget…
Cheri was getting contractions on and off for a couple of days but they were not at all regular. Eventually at around 4 or 5 pm on the 27th of February, last Wedenesday they started to come with more regularity.
As they were still very gentle …
[ This essay was originally published on gnu.org. ]
When I was in grade school, right here in the United States of America, I was taught that our country was the “land of opportunity”. My teachers told me that my country was special, because anyone with a good idea and a drive to do good work could make a living, and be successful too. They called it the “American Dream”.
What was the cornerstone to the “American Dream”? It was equality — everyone had the same chance in our society to choose their own way. I could have any career I wanted, and if I worked hard, I would be successful.
It turned out that I had some talent for working with computers — in particular, computer software. Indoctrinated with the “American Dream”, I learned as much as I could about computer software. I wanted my chance at success.