Reading

Created
Sat, 28/06/2008 - 21:38

I got a phone call yesterday from someone involved with one of the many socially responsible investment houses. It appears that in some (thus far, small) corners of the socially responsible investment community, they've begun the nascent stages of adding “willingness to contribute to FLOSS” to the consideration map of social responsibility. This is an issue that has plagued me personally for many years, and I was excited to receive the call.

Created
Fri, 20/06/2008 - 21:22

Ian Sullivan showed me an article that he read about eavesdropping on Internet telephony calls. I'm baffled at the obsession about this issue on two fronts. First, I am amazed that people want to hand their phone calls over to yet another proprietary vendor (aka Skype) using unpublished, undocumented non-standard protocols and who respects your privacy even less than the traditional PSTN vendors. Second, I don't understand why cryptography experts believe we need to develop complicated new technology to solve this problem in the medium term.

Created
Thu, 10/04/2008 - 23:03

I was amazed to be involved in yet another discussion recently regarding the old debate about the scope of the GPL under copyright law. The debate itself isn't amazing — these debates have happened somewhere every six months, almost on cue, since around 1994 or so. What amazed me this time is that some people in the debate believed that the GPL proponents intend to sneakily pursue an increased scope for copyright law. Those who think that have completely misunderstood the fundamental idea behind the GPL.

I'm disturbed by the notion that some believe the goal of the GPL is to expand copyrightability and the inclusiveness of derivative works. It seems that so many forget (or maybe they never even knew) that copyleft was invented to hack copyright — to turn its typical applications to software inside out. The state of affairs that software is controlled by draconian copyright rules is a lamentable reality; copyleft is merely a tool that diffuses the proprietary copyright weaponry.

Created
Thu, 10/04/2008 - 17:33
The Syndicate Track
View from halfway up the Syndicate Ridge

Sunday, Di, Emma, Chris and I went up and down the Syndicate Ridge. It was a fantastic workout for our legs and lovely mornings walk. Chris went all ‘Bush Tucker Man’ on us and distributed lots of odd berries which I nibbled, took …

Created
Fri, 25/01/2008 - 00:55

When I started building our apt-mirror, I ran into a problem: the machine was throttled against ubuntu.com's servers, but I had completed much of the download (which took weeks to get multiple distributions). I really wanted to roll out the solution quickly, particularly because the service from the remote servers was worse than ever due to the throttling that the mirroring created. But, with the mirror incomplete, I couldn't so easily make available incomplete repositories.

The solution was to simply let apache redirect users on to the real servers if the mirror doesn't have the file. The first order of business for that is to rewrite and redirect URLs when files aren't found. This is a straightforward Apache configuration:

Created
Thu, 17/01/2008 - 02:22

Working for a small non-profit, everyone has to wear lots of hats, and one that I have to wear from time to time (since no one else here can) is “sysadmin”. One of the perennial rules of system administration is: you can never give users enough bandwidth. The problem is, they eventually learn how fast your connection to the outside is, and then complain any time a download doesn't run at that speed. Of course, if you have a T1 or better, it's usually the other side that's the problem. So, I look to use our extra bandwidth during off hours to cache large pools of data that are often downloaded. With a organization full of Ubuntu machines, the Ubuntu repositories are an important target for caching.

Created
Wed, 09/01/2008 - 23:01

Suppose you have a domain name, example.org, that has a primary MX host (mail.example.org) that does most of the delivery. However, one of the users, who works at example.com, actually gets delivery of <user@example.org> at work (from the primary MX for example.com, mail.example.com). Of course, a simple .forward or /etc/aliases entry would work, but this would pointlessly push email back and forth between the two mail servers — in some cases, up to three pointless passes before the final destination! That's particularly an issue in today's SPAM-laden world. Here's how to solve this waste of bandwidth using Postfix.

This tutorial here assumes you have a some reasonable background knowledge of Postfix MTA administration. If you don't, this might go a bit fast for you.

Created
Wed, 02/01/2008 - 01:32

I thought the following might be of use to those of you who are still using Apache 2.0 with LDAP and wish to upgrade to 2.2. I found this basic information around online, but I had to search pretty hard for it. Perhaps presenting this in a more straightforward way might help the next searcher to find an answer more quickly. It's probably only of interest if you are using LDAP as your authentication system with an older Apache (e.g., 2.0) and have upgraded to 2.2 on an Ubuntu or Debian system (such as upgrading from dapper to gutsy.)

When running dapper on my intranet web server with Apache 2.0.55-4ubuntu2.2, I had something like this:

Created
Thu, 22/11/2007 - 10:26

Many people don't realize that the GPLv3 process actually began long before the November 2005 announcement. For me and a few others, the GPLv3 process started much earlier. Also, in my view, it didn't actually end until this week, the FSF released the AGPLv3. Today, I'm particularly proud that stet was the first software released covered by the terms of that license.

Created
Sat, 25/08/2007 - 01:10

In my previous post about Xen, I talked about how easy Xen is to configure and set up, particularly on Ubuntu and Debian. I'm still grateful that Xen remains easy; however, I've lately had a few Xen-related challenges that needed attention. In particular, I've needed to create some surprisingly messy solutions when using vif-route to route multiple IP numbers on the same network through the dom0 to a domU.

I tend to use vif-route rather than vif-bridge, as I like the control it gives me in the dom0. The dom0 becomes a very traditional packet-forwarding firewall that can decide whether or not to forward packets to each domU host. However, I recently found some deep weirdness in IP routing when I use this approach while needing multiple Ethernet interfaces on the domU. Here's an example:

Created
Wed, 13/06/2007 - 00:10

Way back when User Mode Linux (UML) was the “only way” the Free Software world did anything like virtualization, I was already skeptical. Those of us who lived through the coming of age of Internet security — with a remote root exploit for every day of the week — became obsessed with the chroot and its ultimate limitations. Each possible upgrade to a better, more robust virtual environment was met with suspicion on the security front. I joined the many who doubted that you could truly secure a machine that offered disjoint services provisioned on the same physical machine. I've recently revisited this position. I won't say that Xen has completely changed my mind, but I am open-minded enough again to experiment.

Created
Tue, 08/05/2007 - 21:30

Nearly all software developers know that software is covered by copyright. Many know that copyright covers the expression of an idea fixed in a medium (such as a series of bytes), and that the copyright rules govern the copying, modifying and distributing of the work. However, only a very few have considered the questions that arise when trying to determine if one work infringes the copyright of another.

Indeed, in the world of software freedom, copyright is seen as a system we have little choice but to tolerate. Many Free Software developers dislike the copyright system we have, so it is little surprise that developers want to spend minimal time thinking about it. Nevertheless, the copyright system is the foremost legal framework that governs software1, and we have to live within it for the moment.

Created
Thu, 26/04/2007 - 15:10

We went to the Curryfest last weekend which was pretty good. Of course we ended up spending most of the time with Emrys in the playpark with hundreds of kids.

Em at the curryfest
Em at the curryfest

I have just returned from a weekend at Station Creek with Ev. We hung out like …

Created
Wed, 18/04/2007 - 03:56

I don't remember when it happened, but sometime in the past four years, the Makefiles for the kernel named Linux changed. I can't remember exactly, but I do recall sometime “recently” that the kernel build output stopped looking like what I remember from 1991, and started looking like this:

CC arch/i386/kernel/semaphore.o
CC arch/i386/kernel/signal.o

This is a heck of a lot easier to read, but there was something cool about having make display the whole gcc command lines, like this:

Created
Wed, 11/04/2007 - 02:21

One of my biggest worries in using a laptop is that data can suddenly become available to anyone in the world if a laptop is lost or stolen. I was reminded of this during the mainstream media coverage1 of this issue last year.

There's the old security through obscurity perception of running GNU/Linux systems. Proponents of this theory argue that most thieves (or impromptu thieves, who find a lost laptop but decide not to return it to its owner) aren't likely to know how to use a GNU/Linux system, and will probably wipe the drive before selling it or using it. However, with the popularity of Free Software rising, this old standby (which never should have been a standby anyway, of course) doesn't even give an illusion of security anymore.

Created
Wed, 04/05/2005 - 10:00

A few days ago, I acquired a number of IBM xSeries servers — namely x206 and x226 systems — for my work at the The Software Freedom Law Center. We bought bare-metal, with just CPU and memory, with plans to install drives ourselves.

I did that for a few reasons. First, serial ATA (S-ATA or SATA) support under Linux has just become ready for prime time, and despite being a SCSI-die-hard for most of my life, I've given in that ATA's price/performance ratio can't really be beat, especially if you don't need hot swap or hardware RAID.

When I got the machines, which each came with one 80 GB S-ATA drive, I found them well constructed, including a very easy mounting system for hard drives. Drives have a blue plastic tray that looks like this (follow link of image for higher resolution shot).

Created
Mon, 28/03/2005 - 09:38
Ev's wolf
Evan drew this awesome wolf

Well, sugar crazy-kid-day is done. Been a bit slack with the blog, working too much of late, no excuse. I made a post-box yesterday with Oscar the Grouch on it, rather confusingly, he is saying, ‘No Junk’. I really need to think things through before …

Created
Wed, 29/05/2002 - 18:40

Hmmm… sorry been rather busy lately. I’ve added a couple of photos of the Em and Choppy. Evan bottle fed Emrys today because Cheri had to go to the dentist. He was dead chuffed and seemed to be much better at it than me.

Tomorrow we are going to …

Created
Thu, 25/04/2002 - 12:52

Dang! Yellow is ugly, I’l have to change the colour again. ‘scuse me while I go upstairs to get another glass of wine…

Aaaaagh!! this keyboard is wobbling, Evan is watching a disney (aka satan) movie called, “dinosaur” very loudly. Emrys is sleeping on my arm hence the one …