I feel like I've been stuck in fast forward mode over the last couple of days and only now am I catching my breath albeit at the expense of a reading assignment that I need to have finished for tomorrow.
The show on Friday night was actually a lot more fun than I imagined it would be. The sound guy at the Climax Lounge has got to be one of the most clueful that I've ever dealt with. This means that he didn't ask us to turn down which means, of course, that he actually understands the dynamics of tube amplifiers and that they sound awful turned down. That understanding alone eased my mind so much that I actually had a better show than usual. I'm usually excited when nothing breaks and songs don't come crashing to a halt but everything was super swell excepting the heating vent that was blasting hot air directly on our drummer Matt and indirectly on me. The more interesting part of the evening really came after we played though. We're talking about not putting out releases of any kind but just making recordings and releasing them via the IntarWeb (meaning that we'll probably have to come up with some mirroring scheme in order to facilitate the downloading of entire albums) and selling/giving away burned CDs with minimal if any packaging at shows. What is surprising about this idea is that I wasn't the one who proposed the commie "give shit away for free" idea. Again, I love my band.
There is a nicely reformatted explanation of the recent Debian server compromises if you're tired of that looking at the bleak black and white wasteland of mailing list archives. It's looking worse all the time with the likelihood of a new local root exploit loose in the wild. I'm probably not the only one who is really, really nervous about this. There haven't been new packages in the archives yet although the old ones are at least reachable now. I had to reinstall AbiWord this weekend and I was very happy to be able to apt-get it. I didn't realize how dependent I am on the Debian way until there were a couple of down days when I couldn't. I have to admit that I've been thinking a lot about DebToo over the last couple of days and looking at Mepis a bit as well. Yes, they're all Debian based but dpkg/apt is like crack...
I fucking hate myself when I discover sites like The Vintage Computer Marketplace. It cements my residence in fantasy land and I start thinking that I really might need an Apple ][ gs or maybe a Lisa board. Really? Only $650 for a piece of computer equipment that was obsolete when I was still in high school. Sounds like a bargain. Well, and then there's the whole Amiga thing...
Scribbling down things I should be remembering although we have to go cheese a quick warm up/practice before the show tonight. I'm not sure how it's going to go given that the headlining band George and Caplin is electronic as fuck but lauded pretty universally. Who knows. There was something important that I was supposed to remember but whatever that was will not be appearing in this space.
Damn. I had this idea a while back that like most of my dipshit and overly ambitious ideas came to absolutely nothing other than some notes scribbled on the back of some junk mail. Luckily the rest of the world is simply full of people who not only have the same dipshit ideas dawn on them but have some follow through behind it.
MyLink is a clone of the incredibly fun hacking game Uplink that is actually very well done for the amount of development work that's done on it. It does require a couple of visits to CPAN for the odd Perl module but most of it was actually packaged for Debian so it was even less painless than it could've been. The one thing that immediately distinguishes MyLink from Uplink is the network play capability built in from the beginning. The downside to this is that you have to fire up a server even to play a local game and, in my case, fux0r your firewall configuration to play a local game but I imagine this will add whole new dimensions to the game in the future. How can you not love that a game about cracking remote machines will eventually allow you connect to real remote machines. Life. Art. Life. Art. I can forgive the difficulty in setting up a game because it's eventual goal is pretty damned cool.
The real downside is that you need an Uplink CD to use the graphics and sound files for the game. This is problematic because so much of the actual gameplay is geared towards sound (the persistent beeping when you're being traced is amazingly stressful) and I have a hard time picturing how it would work (although a visual bell would be helpful and more accommodating) without that element. If you've got an Uplink CD floating around (like I do) which is useless due to changes in glibc or whatever go grab a copy and try it out. I'm thinking that I should probably hack together some simplistic theme to submit to the project to spare one of the dependencies on the actual game. The developer is looking for help in quite a few areas so if you're into geeking on game development in Perl/Tk this is probably something you'd want to get involved in. It's playable right now but there's a whole universe of possibilities for expansion.
Uh oh. Looks like another piece of the default Movable Type install is exploitable by spammers. The word is deleting mt-send-entry.cgi if it isn't something that you use is a good idea since it's easily exploited to send mail anonymously to anyone. Get rid of it. I just did.
If you do need the script for something then Ben Trott created a spam-resistant version that you can download from here.
I guess Google may indeed be the first target for SCO. This isn't particularly surprising although tremendously stupid. Pissing off the Linux community is one thing but aggravating nearly everyone who uses the web for anything more than shopping and whatnot is another entirely. The article linked above hints at more MSFT conspiracy theory but I'm not entirely sure that even they are stupid enough to embark on such a pointlessly antagonistic endeavor. It's going to get interesting. It has to -- the pump and dump strategy depends on it.
Bleh day in general today after drinking way more than I should have last night. I just don't have the capacity to metabolize quite as much alcohol as I did in the pre-diabetic days when the (malt) liquor flowed like, uh, wine. The sad part is that the same thing is probably going to happen tonight because mistakes are made to be repeated or something.
A couple people pointed site that will let you preview your site in Safari for those of us less inclined to the Macintosh. It's a great idea but I think someone out there with the bandwidth and clock cycles to spare should implement another version of this because it's going to get the stuffing knocked out of it once an A-lister mentions it. I'm pleased because my index looks pretty good although I'm running a much more vanilla version of Movable Type than I have in the past.
I'm getting to more snobbish than I like to admit about hacking Perl these days since it's so easy to slap together soething with a lot of functionality in a short period of time but so hellish to try to remember what everything does if you're not in the habit of commenting the hell out of a hundred line script. Python has really spoiled me. I come back to a project that I've been working on in smidgens and pieces since last summer and it only takes me a few minutes to get reacquainted with the code even when I haven't touched it in months and uses a whole lot of functions from libraries.
I bumped into L4Ka project somewhere during the course of looking for something else and promptly forgot my original objective. L4Ka is another microkernel project that looks promising. I'm still not drinking the micro-KoolAid quite yet but it's exciting to see so many active projects doing innovative stuff with the concept. It'll definitely be on my list of things to check into a couple of months from now to see what kind of progress they've made.
I'm still grinding my way through a term paper so today was another day of reading through piles of articles in a relatively vain search for a suitable thesis. Fortunately the paper is half finished without and there is no turning back at this point given the distribution of work I need to finish within the next two weeks.
I did rip MP3s of the final mix of the Midcentury stuff which sounds a whole lot better to me than the first batch. I'm not ashamed to admit that at least part of it is because my guitar was really far down in the mix on the first go round. I'll have Oggs of all of it as soon as the Debian servers are back up so I can download a few things to make sure they come out all right. If the logs are accurate (and they so seldom are) then we have quite a following in Poland and other parts of Eastern Europe. I guess post-math isn't as popular with the kids over here. Go figure.
I'm also working on getting the Linux CD stuff up to date again. I haven't quite got the new Debian release yet mainly because most of the FTP servers haven't synched yet and I'm still getting 3.0r1 as current straight from the horse's mouth. It doesn't help that there is a new Knoppix release every other day...I did manage to snag the new Mandrake release so at least that's there with the damned internationalization CD included this time.
Oh, and go listen to some of the archived Creaking Door. It's hilarious and a lot less grim than much of what you should be doing.
I took a break from everything but school work for the last couple of days because I started to just stress out and do everything badly. It's been one of those semesters and it isn't quite over yet. I still have two novels to read and three papers to write in the next two weeks without even considering final exams which will be right behind that lump. I'm really, really tired of reading reams of Faulkner criticism and starting to rethink my obsession with him. This will probably change when I'm not required to read and understand one of his novels every week but getting engaged in someone else's obsessive compulsive behavior can tire you out, no?
The death of the catbox was a misdiagnosis of the most stupid kind. I'm typing on it right now after doing some very scientific work on the power cord with needlenose pliers and a bread knife. The little bastard is tougher than I thought. It is still weird to have all of the Debian sites down and see an empty result for apt-get update. Speaking of which I didn't see much press coverage at all for the break in. Granted, the mailing list server was taken down which is sort of the mouthpiece for the distribution. I am getting several hundred less pieces of legitimate email a day. That works well with the "taking a break" theme since I'm not emailing a dozen copies of my X configuration file to strangers a day. It startles me how many people will reinstall an entire operating system because they selected the wrong thing during the initial install. dpkg-reconfigure xserver-xfree86 will save you a whole lot of time. We use Debian because we're lazy, remember?
MicroBlogger, as the name implies, is a small, simple, flexible, reliable weblog engine written entirely in bash script. It has absolutely no dependencies on any other programs--No PHP, no SQL, no CGI, no Perl, nothing. Basically, if you have a Unix shell account, you can blog with the best of 'em. MicroBlogger is self-regulating, self-maintaining, and ready to fly straight out of the box. Just unpack the archive in your web directory, add a greeting, and whammo, you're all set!
Sounds tempting but since time is somewhat limited right now I'm not messing with anything other than fixing things that are broken. That and fucking snow shovelling...
Oops. A number of Debian servers were compromised and later taken down for close scrutiny by project folks. Before anyone gets all hysterical (as is happening over at Slashdot) about security and whatnot keep in mind that this was a compromised password not an intrinsic security flaw within the distribution.
This does delay the release of the next stable revision although none of the archives were affected by the break in. This is a great lesson in account maintenance -- watch those passwords and keys kids! I was wondering why non-us and security were down last night but I was distracted by the last pathetic gasps from my dying laptop.
The little laptop finally died. I say finally because it was pretty much ancient when I bought it but after a year or so of keeping me away from my tiny desk it looks like it's the end of the line. Too bad that a good chunk of a ten page paer I have to hand in after the holiday is stranded on the drive. I'm thinking of knocking over a liquor store to replace it. Ack.
A tip of the hat to Rafe Colburn for pointing out this article about TechCentralStation. It pretty much confirms in spilled ink what I've thought about the site for a while: it's lobbyist money that pays the bills over there. TCS has long been on my list of sites to avoid following links back to since the "science" over there is most definitely in sarcastic quotation marks. From the article:
But TCS doesn't just act like a lobbying shop. It's actually published by one--the DCI Group, a prominent Washington "public affairs" firm specializing in P.R., lobbying, and so-called "Astroturf" organizing, generally on behalf of corporations, GOP politicians, and the occasional Third-World despot. The two organizations share most of the same owners, some staff, and even the same suite of offices in downtown Washington, a block off K Street. As it happens, many of DCI's clients are also "sponsors" of the site it houses. TCS not only runs the sponsors' banner ads; its contributors aggressively defend those firms' policy positions, on TCS and elsewhere.
Think about how accurate a source like this might be the next time one of the B-minus list right wingers cites an article from over there as evidence for the nonexistence of global warming for example.
Ars Technica has an excellent posting on this article as well. This will also serve as a reminder to myself to visit AT more often. Every time I've popped over (usually because someone linked one of their articles) I'm always impressed.
I've been keeping my nose out of the SCO/IBM suit for the most part over the past month or so. Every statement SCO makes slides a little bit further down the slope of credibility and makes paying much attention a little like watching a wire-fu movie without the elaborately staged fight scenes. Now they're claiming that they're going to sue end users which strikes me as possibly the most ludicrous claim ever. There is only so much legal circle jerking you can do even when you're paying your attorney in stock that will soon be worth, well, soon be worth the value of a share of SCO before they started making threats. Suing fucking end users? The mental checklist of just how many ways that is impossible is grinding along in my head and I had an epiphany of sorts: Months into this, SCO does not have a single clue what they are doing. When this actually makes it to court the peals of laughter are going to start and with any luck this will see court before McBride has the golden parachute to bail out under.
The choice quote:
McBride: First it's not our customers. I would say we're suing end users. There are only two industries who use the term 'users,' computers and drugs. Not sure if there's a connection there. But the point is, we're not suing our customers. We are going after end users of Linux and I think there's a slight but significant difference there.
Again I'm baffled why lawyers aren't blackjacking him into unconsciousness midsentence. Maybe Boies drank the Kool-Aid instead of dumping it into the potted plant.
On Friday morning my web host made some changes in the Perl binaries on this server so, of course, a number of things broke. One of the things that broke and what brought my attention to it was the arrival of a piece of comment notification mail. It was comment spam and didn't have the wonderful little link to delete it and add the domain to the no-no list. I sighed, fired up a browser, deleted the comment in question, and disabled comments althogether. Twenty minutes later after one of the saintly admins manually rebuilt the module that was malfunctioning I turned comments back on. Seems simple enough to me.
This whole scenario makes me wonder about Mark Pilgrim's grim prediction about the future of comment spam where shit is #1 and the webloggers all swim in the toilet. I agree with most of what he said in the article but the key difference here is that 1) comments are not essential to weblogging. 2) Individual webloggers are the ones who decide whether comments are allowed or not. It's pretty simple (at least if you're using Movable Type) to just disable the damn things and be altogether finished with it. MT-Blacklist while it still works is the only reason that I still have the toggle switch set to "Blast me you semi-literate technophobes." When it fails, as it did temporarily yesterday, I turn off the tap. When the spam overwhelms the blacklisting system I think more than a few people are just going to shut it off. I will at least until we can hack together some kind of system that requires a valid signature or something...
Although I generally think that the one size fits all security features that an operating systems uses are a joke with the exception of some that Apple has made a part of the Mac OS (in particular I'm thinking of the prompt for an administrator password before an application will install -- whether this is security in the true sense or not it at least makes a user aware that they're installing something) and a few isolated measures that other operating systems use. I do like the model that John O'Sullivan talks about in this article specifically:
What we need is not "solutions," but alternatives. I like the Mandrake security setup. You choose from four clearly explained options, with the ability to tweak later if you want. I'd like to see a system like that for Windows. But we need to add to the existing options a low security setting. That's right, low, and it should be the default. The setting would impose a few restrictions, but give users lots of freedom and need no input. They wouldn't be allowed to send more than an average of one email message per minute over any 60-minute period. And there would be restrictions on outbound services. Too restrictive? Fine, go for a higher security setting. But the higher setting would require more user input.
What I like most of about this concept (I'm a little unsure of the specific implementation) is that it places a lot of control in the hands of the end user without making them solely responsible for the security of the box. There are a lot of harshly critical comments attached to the article but I think most of the people there are missing the point. Yes, his security practices on his Windows box are atrocious but he acts as his defense perimeter and keeps his important stuff on a separate machine. Regardless of this somewhat annoying strategy (at least on the client box), the checks and balances system he proposes near the end of the article is really worth considering. It's a shame that people seem to lose all reading comprehension when they perceive (even when it's a pretty correct assumption) something as flameworthy.
If you're not using Movable Type and you're getting hit with comment spam then I have good news for you. Blam may be the solution as a cross platform blacklist management tool. They're looking for contributions from basically anyone so if you've harvested a hefty blacklist or are inordinately skilled at convoluted regexp this might be a project you can help out.
I've been looking at the various articles and rants in different places about the new beta Debian installer and I'm already pretty fed up. No. It isn't graphical. It will run (when out of beta) on 11 different platforms because it has to. There won't be any sudden conversion over to supporting only or forking x86 just so you can click instead of tabbing during the install. It's an installation for chrissakes not a fucking video game. Get over it.
There's a nice walkthrough of the new installer with pictures but it's slashdotted as hell right now. I looked at it really late last night and everything looks about the same only with the magic of hardware detection. This is one of the worst stumbling blocks for me -- trying to match a kernel module to a piece of hardware. Yes, I nearly always know what the piece is called but sometimes matching that to a truncated name is a painful process of trial and error. I'm not sure how pushy the detection will be but hopefully you'll get the same option as always to yank modules out before the first real boot. This has always killed Gentoo for me -- the use of auto detection that goes awry and crashes the installer. I have a pretty standard PCMCIA NIC in this laptop but for some reason almost all detection tries to assign it a different module. Anyway, I'm guessing that because of the myriad of architectures that Debian is committed to supporting, I'm guessing that flexibility will necessarily be part of the project.
There's always been Apt-Get.org for those of us who are using Debian on the desktop and on boxes that aren't intended for production but where do you get the newer stuff for the stable branch? Well, apt-get.org has some Woody backports but Backports.org puts all of them into a central repository and gives warnings, advice, etc right there on the index. This is good stuff.
There's still a fair amount of tub thumping going on about the poorly done attempt to backdoor the Linux kernel with all the usual bunch of trash talking done by all the same people who lack even the most basic understanding of what actually happened. The backdoor was never anywhere near the real kernel repository and was actually a break in on a CVS tree elsewhere. People need to calm down because although this was a first it was both poorly executed (both in code and in methodology) and came nowhere near being included in a released kernel. I'm unsurprised by the sheer number of folks trying to use this detection as the basis of an attack on the open source development method but please, trolls and detractors, do a little bit of homework first.
If you wanna know all of the messy details of what happened go read the KernelTrap thread linked above. It has the original email exchanges and some extra explanation from people involved.
I think I'm swearing off reading any of the Microdrones weblogs since they're all hopped up on PDC hype and spouting more tedious bullshit than average. I understand that the man pays the bills and when the man says "Say something bad about Linux" you jump right up and do it. This on the other hand is just pathetic. The principal point: sys messages on boot are too scary. Yup, better get your grandma a machine that doesn't show the BIOS on boot either. I won't mention a thing about "You have unused icons on your desktop" because I'm feeling mature tonight...
Yeesh. Purportal is yet another portal-like site that I'd actually use. It's a bullshit detector that plugs into Snopes, CERT, and a few other useful places. Damn you creators of useful things. You're completely making me eat my words on portal front ends.
I do miss the handful of HyperCard zines that I'd run across every month -- usually via a local BBS or something. I really liked that format and that it was freestanding other than the obvious platform requirements. This Is A Magazine gives me the same feeling and they do indeed make freestanding versions of issues. TIAM has the same attention to the format that I always loved about those old e-zines. They take advantage of the abilities of the format without leaving you with the feeling that the making of it was simply a process of learning how to use those capabilities. They also have a pretty healthy archive of old issues which I'll have to sort through when I'm not having trouble making my eyes focus.
That said and my old school tastes revealed, any suggestions for other projects to look at? I've always loved zines in whatever format but those early stabs at electronic distribution always make me nostalgic for the BBS culture that used to be such an important part of my life. Maybe it was just the time...
I decided to experimentally check out the squealing process on the Business Software Alliance site and was instead rewarded with this error. There could be software pirates boarding my ship and making me walk the plank while the BSA server hands out errors. Yeesh. Personal reflection: I don't want your software. Your intellectual property isn't worth the download.
Another day of disaster and more damnable disaster. Here is a capsule strategy for an IT department run by MBAs:
1. If it's working well and without complaints then hurry and upgrade it to something that doesn't.
2. If you bring pizza to a presentation we will buy your software.
3. If a company that produces marginally useful software is about ready to go belly up we'll buy as many licenses as we can get our hands on.
4. Of course we'll buy the legacy support package.
5. When you must cut jobs and lower salaries make up for it by purchasing a truckload of LCD monitors at a price slightly higher than what you'd pay for it at any chain consumer electronics store.
6. If you hook one of the aforementioned LCD monitors to a PII it will vastly improve morale.
7. Snacks at meeting are for full time staff only and management will not feel shy about pulling the snacks away from those who do not meet the minimum lead-ass, state employee requirements.
8. Use "teamwork" to make up for all of the things that haven't been getting done while you've occupied an office.
9. Servers that run after five o'clock are obviously wasting electricity.
I took tomorrow off for the obvious reasons.
Good news or bad news first? Well, the good news is that The Self-Made Critic has a new site and we can read the often hilarious and more often correct reviews all in one place. That is the good stuff.
The bad stuff is that actual implementation of the site and the horrible, horrible scrolling box thing that so many websites favor these days. It reminds me of those old handheld videogames that had this really colorful plastic ring surrounding the actual gaming screen and although you'd play the damn thing until your thumbs blistered up you really wished that your blob shooting smaller blobs at blobs roughly the same size as you looked as cool as the graphics decorating the damn thing. Anyway, it is the suckiest navigation imaginable because at least in my browser on my platform the little scroll arrows do exactly two things that are normally found on a keyboard: home and end. Suck. Suck.
The reviews are great as always but I'm just selecting all and copying the text into an editor to read them. I'm not entirely sure that beats reading them in a mail client...
Today was a day of hardware failures. It's difficult to be a support person who deals (in an ideal world anyway) exclusively with software and have to tell everyone I visit today that they're going to be down for at least the rest of the day. At least I didn't remove any fridge magnets from towers today. I guess I can take some solace in that at least.
My main desktop machine is still down as I am still fucking waiting for my power supply. Three weeks is more than enough to ship nearly anything from California to here. I am using my ridiculous killyou fluxbox theme at the moment and it looks much better on an LCD screen than it does on the desktop. Go figure. Some time in the near future I'm going to actually make all of the styles I've written publically available especially since fluxbox seems to be gaining a lot of users and I like to make sure that all of them work with openbox which used to be my primary window manager. The big crux is that I hate most desktop environments but I like my minimalist ones to at least be sorta pretty.
Enderle is probably going to end up becoming synonymous with flame bait. I religiously read his stuff because it never fails to astonish me with its transparency and ham fisted cheerleading. The newest thing that crawled out of Rob is a brilliant example of why analysts are worse than useless. Not only do they stagger around belching out paraphrasings of press releases as their contribution to the betterment of technology but they actually attack things that are useful. In a civilized society this would lead to being ostracized or plain old escorted out of town with vultures circling overhead but not here. This time around Enderle actually advises us to not give Microsoft such a hard time because we might hurt their feelings.The mark of a discerning genius:
What In Search of Stupidity and these PDC experiences reminded me was that Microsoft is unique in that it is a successful company of programmers run by programmers. Even though the company doesn't believe in the financial benefits of open-source software -- and it is in good company -- many do believe in the other aspects of the open-source community, including collaboration and code sharing. These people are working to implement policies and develop tools that will enable these activities.
It is clear that Microsoft now understands the security exposures. Granted, that understanding has come a little late, but that's likely because programmers often focus on cool features and often think security is just something they need to overcome rather than enhance. The company also is listening to customers like never before. However, if all they hear is "you suck," then they will eventually become jaded and frustrated -- much like I was at IBM -- by the fact that they get little credit for any positive changes they make.
Emphasis obviously mine. Bravo.
In the ever handy daily links section of Anil Dash's site he points at a great post about going on the offensive with comment spam. The idea is to follow the link trail and complain directly to the affiliates to get their accounts canceled. It's good stuff when paired with Jay Allen's MT-Blacklist and gallons of black coffee.
I got hit this morning pretty hard with something like 65 entries lambasted with pr0n spam and I was amazed at how functional and direct MT-Blacklist really is. I haven't seen any comment spam for a couple of weeks which was a wonderful contrast to a month ago when I was manually deleting comments several times a day. I've also been submitting most of the URLs I block to spam blacklists. Usually I'm not a huge fan of the big blacklists since they seem to do more harm than good as my domain is on more than one and has caused me grief on several occasions but I figure if anyone deserves to be blackholed it's comment spammers. All that said, I'm glad that people are chasing down the more persistent and annoying spammers but I still have to wonder what the hell the fella that owns those domains is thinking. Annoy the hell out of people who form spontaneous social networks and expect to get anything but punishment? Maybe it's time to start hawking herbal acuity supplements...
The weekend is seriously over and I'm leaking right into Monday morning here in order to maintain the enraged yet not fully awake posture that my fellow students and coworkers are accustomed to. I did watch The Filth and the Fury a couple of times which was interesting because it's the complete opposite of what most fans would like to project about the object of their admiration. The film is so depressing in its detailing of Malcolm McLaren's sleazy wheeling and dealing and Sid Vicious' stagger to self destruction that it's hard to watch in several parts. I was going to provide some linkage to the above but after skimming several related sites I wasn't really feeling that the Sex Pistols reunion shows were something I needed to bother with.
That whole reunion tour thing seldom produces much sympathy from me although I have gone to a few all of which were so horrible that they took on aspects of absurdist comedy. Watching Stiff Little Fingers go through the motions like wind up dolls was the last time I bothered.