Planet Larry

dbr left a comment on this site:

I concur with the other two comments - this is one of the nicer blog'y site layouts I've seen. The comment system is also actually pleasant to use, unlike every single other one I've (not)-used \o/

—dbr (May 16, 2008)

Thanks for the compliment. I have talked before about my philosophy towards forms:

I do not make want to make it like Indiana Jones and the Last Crusade just to make a comment: roll under a flying saw, spell something in Hebrew and then take a flying leap into the abyss. Furthermore moderation of spam is my problem, not yours.

—Zeth on comment-spam (3 July 2007)

dbr continues:

One slight bug, you need to enter two backslashes to make it visible.

—dbr (May 16, 2008)

That is not a bug that is a feature! That is the escaping mechanism of ReStructuredText (as well as Python and lots of other languages). The comments form does not allow HTML but it allows ReStructuredText, as I explain below.

Ryan also left a comment:

For your blog post model, what did you do for entering posts? Do you still use the default admin interface, or did you make your own views for posting and whatnot? I haven't looked into it much, but does Django automatically include much in the way of wysiwyg text editors for text fields?

—Ryan (May 15, 2008)

Answering your questions in reverse order:

• Wysiwyg text editors

There is no default Django WYSIWYG text field, but some people use Javascript components such as TinyMCE which slots in nicely (instructions).

• Default admin interface vs own views

I have the admin interface as one way to enter posts, but I also made a simple command-line tool for entering posts, I also made some scripts for importing all my old posts from Pyblosxom.

I did create one admin view, I overrode the 'delete comment' view to create a button that adds the IP addresses of deleted spam comments to a block list.

At some point I will make a 'Preview' view and button. At the moment I can save posts as drafts but not view drafts in the site template before it goes live.

• What did you do for entering posts?

I write a new post in a real text editor such as Emacs or gedit in ReStructuredText format, which I can then either paste into the admin interface, or use my little script to squirt them into Django.

Markup in Django

'contrib' forms the 'standard library' of Django. One of these packages is called "markup". It provides filters for three markup languages: ReStructured Text, Markdown and Textile.

I chose to use ReStructured Text because using that to write my new posts because I like the format and getting confident with ReStructured Text will be useful in lots of other contexts also.

To use it in Django, just add django.contrib.markup to the INSTALLED_APPS list in settings.py. In a template, you can load it and use it like this:

{% load markup %}
{{ comment.comment|restructuredtext }}

In the next post I will explain how to write in ReStructured Text,

I got it from my sister’s digicam. Thanks to Leerz for the walkthrough. This worm is really annoying especially if you are more comfortable doing stuffs in the console.

1. Check for any bar311.exe, Autorun.inf, pc-off.bat files in mounted drives.
2. Delete if found.
3. Edit the following entries in the registry.

HKCU\Software\Microsoft\Command Processor\"Autorun"
HKLM\Software\Microsoft\Command Processor\"Autorun"

Alternatively, you can download Noob.Killer, run it, then watch and learn.

I symlinked my .vimrc to my local mirror of my website so that every time I rsync it (which is pretty often) it'll automatically update my the vimrc on this server. So that should be fun. I experiment with things in there all the time so at any given moment there are likely to be things horribly broken, but maybe someone can use some of it.

This mirror of Ciaran McCreesh's vimrc which I found linked from here (edit: updated version here) has lots of good stuff in it. In particular using :set listchars to display tabs and trailing whitespace as some funky Unicode characters is a really good idea. When I first tried that good idea I realized my favorite font ProggySquare didn't properly display most Unicode characters, which was part of my motivation to switch to Terminus. (That, and those tiny Proggy fonts aren't so great on a 1920x1200 monitor.)

After a long time putting it off, I finally hunkered down one day and figured out how the heck Vim script works. The difference between statements and expressions in Vim script language confused me for a while, which goes to show that I'm far too used to Ruby and Lisp where almost everything or everything returns a value as an expression. Vim expects expressions in certain places and colon-prefixed commands in others. But then there's normal and eval and execute and "= some of which let you do things from one mode in another mode if you mix and match them. But I think I've gotten a handle on it now.

Today I came across Limp which is a recent attempt to get Lisp to work well with Vim. It seems quite new and buggy and had dependencies on things I had to guess until I was able to install it (like rlwrap), but I still was excited about it. Until I realized that it's just a wrapper around GNU screen. SBCL runs separately, and some keystrokes send stuff from Vim to screen, but that's about it. Nice, but not nearly as nice as SLIME in Emacs. So that disappointed me. In the back of my mind I always think about how Vim could possibly be integrated with Lisp like SLIME does but I don't see any good way. Vim doesn't have the ability to embed shells like Emacs and it doesn't look like it will gain that ability any time soon. Ah well.

By some people’s logic, this how the economy is supposed to work:

1. New companies emerge all the time.
2. No companies ever close.
3. Consumers always buy the cheaper and better products.
4. No products ever become obsoleted and force the company to go out of business.

Sounds perfectly reasonable, doesn’t it?

When a new company opens in a town and provides a thousand new jobs, there’s noone protesting that this is unfair, we didn’t do anything to deserve this, that you can’t just suddenly create new jobs out of nothing, there aren’t people complaining that it’s not right, we didn’t get jobs at the new company. No, people accept it with great fanfare. Great, the economy is growing, our town will prosper! People will have more money, there’ll be less unemployment, we’ll be able to afford a higher standard of living.

And yet when, after 40 years, the company goes out of business or moves their production to a cheaper location, people say this is outrageous, 1000 jobs will be lost! There’s anger and pandemonium, how can they do this to us, we were loyal to the company for 40 years. People appeal to some sort of higher ethical body; you can’t take our livelihood away, what are we going to do with ourselves? And the town itself, which never had much industry, and really just had that one company that employed everyone in town, starts to regress. People move out in search of jobs, young people leave and don’t come back, noone moves in because there’s no local economy.

It’s a sensitive topic. Losing your livelihood is one of the more challenging life situations. But before you start screaming that it’s those damn crooked politicians and those greedy executives that have stolen your life, take a moment to think about why you had that job in the first place. In fact, let’s start with the basics: what does it mean to have a job?

It means that you are producing a product or offering a service that someone is willing to buy. It does not mean any of these things:

1. Someone is being nice to you.
2. You deserve this.
3. You’re going to keep your job because you’ve been loyal to the company.

If you actually believed any of that then you were under a complete misapprehension. Sure, sentimental concerns do come into it sometimes, like the boss’s son getting a summer job because he’s family. But in the long run, the only thing that matters is the economic reality.

If you think that’s a raw deal, think about this. Most artists aren’t wealthy, in fact most artists are struggling to get enough work to live on. A painter may think that he deserves to live a decent life as a painter, but if noone is willing to buy his work, well he’s not going to. Is that unfair? No, it isn’t, because if he’s not producing anything of value, why should anyone have to pay to keep him in business? So if a painter can’t do the job he wants to, why should it be any different for you making shoes, or catching fish, or whatever it is you do?

There used to be people working in elevators who would press the buttons. We don’t need them anymore. Shepherds aren’t in great demand either. Neither are telegraph operators. These professions have all be superseded and they’re not coming back. Many others still exist, but have been moved to where production is cheaper, like textiles.

It’s always a turbulent transition, you can be sure of that. We don’t have hunters anymore, we have domesticated animals now, no need to chase them in the woods. Think about how many hunters were out of work when this happened. But what should they have done, lynch the guy who came up with the idea of keeping animals on the property? Compared to the hunters’ relatively narrow interests (although there were many of them), domestic animals were very beneficial to the village. For one thing, you didn’t wonder where dinner was coming from, the animals were right there. So should the villagers have discarded this new idea just to make sure the hunters could keep their jobs?

I’ve got news for you. The very same thing you’re protesting against, your job being taken away, you’re doing the same thing to people everyday. That’s right, you’re not so innocent yourself. Have you ever bought a car from a different automaker, because it was cheaper? Did you ever buy peaches from Spain instead of domestic apples? Well, I’m sure it must have been a very gruelling decision for you, right? I mean to think that you could be putting car makers and farmers out of business because you’re not buying their products, that’s a tough one to swallow.

And what did you get out of it? You could afford to buy more things, because the new products were cheaper. And they didn’t break as quick, so you could use them longer. And they had some functions that the old products didn’t have, which made you happy. And just as this was happening, the old companies that couldn’t stay competitive were going out of business one by one, people were losing their jobs. But hey, you got a pretty good deal out of it, didn’t you?

Here’s what it comes down to. You’re not entitled to your job. You’ll only have it for as long as people are willing to buy your product. And even if you’ve had it for 40 years, that doesn’t mean the global market won’t make it obsolete tomorrow. There was a demand for your product, now there isn’t. You didn’t do anything to deserve getting it, and you didn’t do anything to deserve losing it.

Debian and Ubuntu are not random enough

There is has been a bug in random number generator on Debian (from Etch onwards) or Ubuntu (Feisty onwards). You should already have a security update for the number generator. If you have not yet accepted the update then do so.

The Debian and Ubuntu distributions have even made the warning pop up on user's screens. Just apply the update, see below, and replace your keys and you are done.

If you are on an operating system that has apt-get then you probably want to look at what is going on. If you are on Gentoo or another distribution then for now you can just smile quietly to yourself.

Bugs in the number generator are bad mojo because there are less combinations, depending on the severity of the bug, it makes a brute-force attack go from almost completely impossible, to either still very improbable down to theoretically possible [update: or in the Debian case, quite possible if certain things are known about the target system ].

SSH is often the first point of entry to a Linux machine (but not the last line of defense) so bugs here are particularly prominent.

However, lets not have a panic attack about it. There are a dozen ways to get into someone's machine. In proprietary software land, they probably would have just ignored this kind of theoretical exploit to keep their marketing team happy. For a proprietary software company, still existing in five years time is a higher priority than a theoretical brute-force attack using hardware of the future. Free/Open Source Software forces good security, your dirty laundry is washed in public. Today's theoretically possible attacks are tomorrow's malware. If we ignore all these things then we end up with an operating system akin to Windows.

If you are on Debian or Ubuntu, the security updates means that any new keys will be to the desired level of randomness, but your existing ones need to be ditched. The update manager does not do this for you in case you are then left unable to log into remote systems.

Swapping out your SSH keys

Cleaning this up is easy. Run:

sudo ssh-vulnkey -a

This outputs a line for each SSH key on your system:

Not blacklisted: 2048 <key fingerprint> <filename>
Not blacklisted: 1024 <key fingerprint> <filename>
COMPROMISED: 2048 <key fingerprint> <filename>
COMPROMISED: 2048 <key fingerprint> <filename>
Not blacklisted: 2048 <key fingerprint> <filename>

So the ones that came from Gentoo or another Linux distribution are okay as far as we know. The two Ubuntu ones we must delete or archive somewhere else. To delete the keys use rm.

Now we might like to generate replacements, so we can still use SSH as before:

ssh-keygen

So to make this simpler, one of the lines was: COMPROMISED: 2048 49:37:38:f4:86:28:ac:b1:7e:a6:df:bd:1d:a4:da:81 /home/warrior/.ssh/id_rsa.pub

That is the public key of the local machine. So we get rid of it:

rm /home/warrior/.ssh/id_rsa rm /home/warrior/.ssh/id_rsa.pub

Now we want a new one:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/warrior/.ssh/id_rsa):

The brackets mean that is the default, so I press enter.

Next it finds an existing key (the private half of the existing keypair);

/home/warrior/.ssh/id_rsa already exists.
Overwrite (y/n)?

We want to overwrite it so we say we yes.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/warrior/.ssh/id_rsa.
Your public key has been saved in /home/warrior/.ssh/id_rsa.pub.

Now we are done.

1. Build a cheap and ultra portable machine that looks cool but that does not have everything in. Don't compromise too much to get millions of hardware features. A 10" display with 1000x600-ish resolution, a processor that gets the browser running at an OK speed, a very good touchpad. 1GB of RAM so you don't need swap to run. Only very little solid state harddrive.


2. Set up a service that is connected into every aspect of the machine: Allow people to have their "home directory" on your server for backups. Let them pay for it. Allow people to buy all kinds of neat services. Don't get greedy by trying to lock them into one operating system or platform but offer benefits: Build a service that allows people to have their pidgin conversation logs on your server and guarantee backups. Guarantee encryption for their personal data. Do similar stuff for other software (while still keeping the base system free of charge and updates cost-free, too).

If you have signed up to my site's RSS feed, please update to http://commandline.org.uk/feeds/full/ as soon as possible. Then you will be sure not to miss any of my exciting adventures.

This main feed should work the same as the old one, however, I have provided a number of extra feed options. if that is your bag.

Update: I am hoping all the old feeds should do something now.

I took a few minutes today and cleaned up a few small bugs on Planet Larry and friends.

One thing I get asked for every now and then is if I have archives of past posts. Well, I do now. I just copy the HTML file of the last post to $date one each run. A simple and unelegant solution. I’ll be doing the same thing for Planet Gentoo soon.

Also, fixed the FeedBurner link on the main page — I didn’t even realize it was broken. While I was at it, I created one for Universe as well.

On the packages website, I finally fixed it so you can search against just packages again. That’s been annoying me for a while. By default the search is way too wide, I think. It will search the full atom, the package description and the package name. I have to do the package name twice because of regular expressions (starting with, ending with, exact matches, etc.). And there’s still no simple way to search for packages containing multiple words, which is also an annoying little bug. Advanced searches for GPNL and Packages has been something I’ve wanted to do for a long time, but have been putting off since I started the projects. Sheesh. Every time I sit down and start to poke at it, though, I realize just how big a beast it is, based on what I’d like to accomplish. I really need something for the interim, though.

Anyway, I better quit before this post gets any more boring. One last thing — we can use more users who are Gentoo users and have a blog on Planet Larry. Just drop me an e-mail and I’ll get you setup.

or how not to serve robots.txt with PyBlosxom

So as you may have noticed, I moved this site from PyBlosxom to Django, which depending on your perspective is a fabulous thing to do or is tantamount to treason on the high seas. I will explain more about that later.

Old links to the site should, in the main, still work hopefully as I have done some regular expressions jujitsu which should hopefully send everyone to where they were supposed to be going.

However, some posts and comments will have their formatting up the creek. So I want the old version of the site to be available (at archive.commandline.org.uk) for a while longer.

Because the archived version is deprecated and on the way out, I do not want the search engines to index it. Therefore I needed to make a robots.txt file for that subdomain excluding them from indexing it.

The last version of this site, like many dynamic sites, is composed of a number of layers, part of which was a lot of my own nonsense code doing various things. Ignoring that, when a request for a packet came in it would go to WSGI which would then pass the request on to PyBlosxom which was at the bottom of it all doing the hard work.

To deploy it properly, one would normally put Apache at the front as well, but I never got around to that. In theory this is a bad thing to do. But in practice it worked really well without the huge and complicated server that is Apache in the mix. It actually ran fine for a year without stopping, and blazing fast too; if it also confused a few comment spam bots then all the merrier.

So I tried putting Apache into the mix so I could use a Location directive to direct /robots.txt to somewhere with the robots.txt file, but no joy, this would have required doing a lot of what I never got around to before.

So I then looked into how the test server was deploying the site, thinking that I could do some kind of smart regular expressions type matching like in Django or Pylons. But nope.

Hack for the win

So the next step down is PyBlosxom, so I looked out of chance in Pyblosxom/pyblosxom.py and saw the following:

def __call__(self, env, start_response):
    """
    Runs the WSGI app.
    """
    # ensure that PATH_INFO exists. a few plugins break if this is
    # missing.
    if "PATH_INFO" not in env:
        env["PATH_INFO"] = ""

    p = PyBlosxom(self.config, env)
    p.run()

    pyresponse = p.getResponse()
    start_response(pyresponse.status, list(pyresponse.headers.items()))
    pyresponse.seek(0)
    return [pyresponse.read()]

Bingo! As soon as I saw it, I just somehow, on auto pilot, typed in the following lines before the line p = PyBlosxom(self.config, env):

if env["PATH_INFO"] == "/robots.txt":
    start_response('200 OK', [('Content-type','text/plain')])
    return ["""User-agent: * \nDisallow: /"""]

And unbelievably it worked. What I had subconsciously done was to see that we have some kind of string referred to by env["PATH_INFO"]. Then further on we have an object called start_response which is being passed a status and some headers. Then we are returning the response.

I was kidding around more than anything so I just replaced everything I didn't know about with reasonable looking constants (you will know these well if you have ever done Python CGI programming).

I am sure there are millions of far better ways to serve robots.txt with PyBlosxom. But this hack works for me until I no longer need the old site anymore.

Mughlai and Jalfrezi are better than gruel

A few hundred years ago, the great mass of the British poor ate gruel, while the middle class ate bland over-boiled vegetables. However, as a naval people, the British went out around the world with their empire, and brought food and foreign chefs back with them. Now British people can and do eat food originating from the whole world. Not just the rich, normal working class people will regularly eat curry, Cantonese food, kebabs and so on that would not have been imaginable before.

If I tried to explain this to a 14th Century peasant eating his gruel, then he probably would just ignore me, having no idea what I am talking about. At best he might look at me strangely, and then go back to his life of gruel.

Windows is the gruel of the digital world. There are certain people that understand this fact and have moved on to greater and better things, however most people take what they are given and swallow it as best they can.

What is an operating system?

If you don't know what a computer program is, think about cooking. In cooking you have tools, such as an oven and a blender and you have ingredients such as vegetables and meat. The recipe allows you to use the tools to take your food (ingredients) and turn them into to other types of food (meals).

In computers, you have tools (called hardware) such as a DVD player, a screen, a keyboard, a hard drive and so on. The computer program is the mathematical recipe that allows you to take your data (text, pictures, videos, etc) and then do various things with it. So for example, you might use a computer program that takes a song from the hard-drive and then plays it out of the speakers.

An operating system is a set of computer programs that makes your computer hardware do the basic things (put text on the screen, play sound, and so on). You might then run other programs to do more advanced things. It is like your recipe book.

People who are in to cooking will try out lots of recipe books, and in doing so, they do not starve because they have bought a different recipe book, indeed the opposite happens, they cook so much that they do not have time to eat it all themselves so have to give food to their family and neighbours.

By changing recipe book, they don't suddenly become unable to cook, they in fact get better as they move on to better and more advanced recipe books.

If you turn on you computer and see Windows, then Windows is your current 'operating system'. If you have only ever used Windows, don't you think it is time to give up the gruel and try a new recipe book?

I think so, and if you think this way then you have come to the right place!

About Windows

Windows started on home computers and was commonly used for playing computer games. Though some shifty business deals in the 1980s and 1990s, Windows became pre-installed on the PC and so became the main operating system used by non-technical users.

However, there a lot of people that think that this situation is not good for humanity and we need to progress past it.

Why? Well lets look at some of the reasons.

Firstly, Windows does not promote a competitive industry. Only Microsoft can sell Windows, only Microsoft can really provide complete support for Windows. Mainstream PC shops may only stock Windows PCs.

So you have one company earning billions of their monopoly, with these excess profits, Microsoft can then give campaign contributions to politicians to make sure they don't make the industry competitive or hold Microsoft to account when they break the law.

Weak, bribed, politicians allow Microsoft to use the educational system as a giant marketing tool, indoctrinating a new generation to become helpless and passive recipients of Microsoft's, and only Microsoft's, products.

Secondly, each version of Windows is developed in secret, and then launched with billions of dollars worth of marketing to make you believe the magic; however like all magic, it is no replacement for public peer review. Microsoft don't like public peer review because they know that when compared fairly to other operating systems, Windows always loses.

The fact that there is no public peer review, and no effective competitive pressures, means that Windows is not very well engineered. When the main architecture of DOS and Windows was created in the 80s, it was already 20 years behind the state of computer science; and it has not really changed that much since.

This 'closed-off from the world in my own cave' approach to software engineering means that Windows is plagued with security problems, it uses computer resources inefficiently, wasting electricity and requiring unnecessary replacement of perfectly fine computers that could have lasted another five to ten years.

Fourthly, a software mono-culture, like a biological monoculture, is not very healthy. If a future Windows virus wipes out all of the world's Windows PCs, then 90% of the computer using population are offline, without their data and without access to government services, Internet commerce and digital information. Businesses would collapse and the western world would be plunged into a digital dark age.

Fourthly, because what Windows is doing is a secret; if you use Windows, then you are not in control of your computer, Microsoft is. Windows reports back lots of data to the USA which is then made available to whomever Microsoft wants to share it with. While most of us are not interesting to the US security agencies; Microsoft can sell your private information to anyone.

In short, Windows leaves your backdoor open to Microsoft, but even if you trust Microsoft, the US government, and all companies that Microsoft might sell your information too; the fact there are built-in backdoors means that anyone, criminals, terrorists, anyone, can potentially walk through Microsoft's backdoor to access your private data or install viruses or tracking software on your PC.

There is another way...

...Indeed there are lots of them! The opposite to Windows slavery is software freedom. And with freedom comes lots of choices, and choices are good! If you have spent a lifetime eating gruel then you might resent choice, but then remember the intolerant character in Dr Seuss' classic "Green Eggs and Ham", who resists and resists trying out new things for unjustified reasons.

The operating system I currently use is GNU/Linux (commonly just called Linux), which started out in Universities and parts were contributed by thousands of volunteers over the world wide web; others soon joined in, such as small and large companies, charities and even the American military.

Unlike Windows, any company or individual can share, sell, give away or provide services for GNU/Linux, anyone can change it, and there is complete public peer review. There are no hidden traps and you are in control of your own computer.

Also the way Linux executes programs is based on a completely different architecture. There is no concept of an untrusted, unknown program having access to everything. The problems that plague Windows, viruses, spywhere, malware and worms, do not exist in the Linux world. They have never existed and will never exist, because the architecture of the system is not designed that way.

So as I said before, anyone can give out Linux, so lots of people do (remember: choice is good) most versions are free and you can legally share them with your friends and neighbours without having to ask anyone.

Give it a go!

Vor ungefaehr 2 Wochen war auf einmal eine Festplatte mit 80GB nicht mehr ansprechbar. Ich konnte das Problem mit dem Austausch des IDE-Kabels beheben. Die Platte war kurze Zeit spaeter wieder nicht ansprechbar und liess sich auch nicht mehr zum ansprechen ueberreden. Jetzt ist mir auch noch eine zweite 80er Platte kaputt gegangen. Jaja, ich weiss, sie waren alt, und auch die letzten 5 Jahre im Dauereinsatz…

Dennoch ist es aergerlich fuer mich auf einen Schlag zwei Platten zu verlieren, die ich u.a. dafuer genutzt habe meine Backups drauf zu schieben.

Ich moechte eigentlich ungern wieder feste Platten in einen Rechner verbauen. Externe finde ich da irgendwie praktischer. Schon lange liebaeugel ich mehr oder weniger mit einem Linksys NSLU2 und bei den aktuellen Plattenpreisen… Ich stell mir das gerade vor mit z.B. zwei 500GB Platten von WD (zum Beispiel diese hier). Ich finde das Nett! Das sind mal schnell zusammengefasst 1TB Speicher verfuegbar im Netzwerk incl. eines sehr netten Geek-Toys fuer ~225€…

Bevor ich mir jedoch ernsthaft Gedanken ueber eine evtl. Finanzierung mache, moechte ich wissen, ob das Ding auch von der Hardwareleistung her vernuenftig Streamen kann. Interessant ist es ja fuer mich z.B. im Zusammenspiel mit meinem XBMC. Laut Aussagen in Foren (z.B. da) geht das… Noch weitere Stimmen?

I look at Vim 7 or 8 hours a day, so it's nice if the colors don't give me a headache. I've used ps_color for years but recently I decided it's a bit too washed-out and it has some quirks that make it hard to read Ruby code. It's hard to find anything else that's any better though. inkpot is good but it's a bit too monochrome for me. I like things to have a very distinct hue rather than rely on saturation or subtle differences.

So I started writing my own color scheme. For some reason that's beyond me, I seem to gravitate toward purple and green. Green is my favorite color, but why purple? I think it might be due to Gentoo brainwashing, so I called this color scheme Gentooish. I've been using it for a week or so and I keep changing things that annoy me, which will probably continue, but it's non-sucky enough to upload at this point probably.

Download gentooish.vim.

I've never written a color scheme before, but it's not difficult. inkpot had nice clean source code so I used that as a basis. ps_color's source is horrific.

Sadly I'm not 100% sure how vim color schemes map to colors in a terminal. Konsole, urxvt, xterm, and a real terminal all show me different colors when using the same color scheme. So I didn't bother with it.

…und die auswirkungen der bodennahen sonnenstrahlen auf die psyche der zentraleuropäischen hochgebirgsbewohnenden landbevölkerung

klingt ja schon mal interessant…

könnte auch interessant werden, sofern man es wagt, sich bei den aktuell herrschenden wetterbedingungen dem kontakt mit der angeführten bewohnerschaft des mittleren und unteren rheintales sowie der bevölkerung des vorderen bregenzerwaldes auszusetzen…

nun, ich tat es und ich tu es nach wie vor. warum? versuch dir mal einen biker im wohnzimmer vorzustellen! geht nicht? nein? na dann wirst ihn wohl auf der strasse antreffen…

so, und jetzt nach diesem kurzen exkurs ins reich der phantasie zurück zum thema: das wetter, die damit verbundenen physikalischen realitäten und der mensch des unteren, mittleren und des oberen rheintales sowie des vorderen bregenzerwaldes. ach ja, und die touristen, eigentlich, so wie sie sich verhalten, besser als terroristen bezeichnet, die darf man auch nicht vergessen!

nun, was zeigt uns das alltägliche leben? mit steigender temperatur steigt der rocksaum der jungen zentraleuropäerinnen. ob das nun positiv oder negativ zu werten ist, sei voerst einmal aus der betrachtung ausgeklammert. eine folge des rocksaumanstiegs ist auf jeden fall der anstieg des hormonspiegels der dazugehörigen, jungen und vorzugsweise männlichen hochgebirgslandjäger. daraus folgt naturgegebener maßen ein drastischer abfall der hemmschwelle, einhergehend mit einem ebenso drastischen schwund der zurechnungsfähigkeit. das ist relativ leicht am dauernd geöffneten mund eines jungen, vorzugsweise männlichen gebirgseuropäers.

klingt nun, als wären davon nur junge alpenhirschen betroffen, aber nein, bei abhandengekommenseins der angetrauten senn- und alpbewohnenden weiblichen bevölkerung tritt dieses phänomän der offenen klapparatur auch bei alpendjangos der gehobeneren altersklasse ebenfalls auf. das geht soweit, bis der offene mund und der gekrümmte rücken mit hilfe von sogenannten oder auch heilbehelfen gestützt werden muß. dann erst kann dieses phänomän nicht mehr beobachtet werden. scheint, als ob das sture auf-überbreite-gürtel-glotzen in direktem zusammenhang mit dem sinn- und unsinnlosen öffnen der klapparatur steht.

zurück zur höhe des rocksaums und der positiven oder negativen bewertung: auch hier konnten schon diverse beobachtugnen gemacht werden, die zwar unlogisch, aber in der natur immer häufiger vorkommen und demzufolge schon die wandlung von der these zur theorie vollzogen haben.

die höhe des rocksaums ist quadratisch proportional zum durchmesser der beine, die darunter hervor hängen. das bedeutet, de größer der durchmesser der beine ist, desto höher, und das sogar quadratisch!, ist der rocksaum angeordnet.

was heißt das nun? also, schlanke beine werden sehr häufig durch jeans oder knöchellange beinkleider anderer macharten versteckt und damit regen die beinträgerinnen die phantasie der männlichen alpenhirschen an, während bei kurzen, sehr groß bemessenen durchmesserstarken beinen grundsätzlich möglichst nahe an den scharnieren der rocksaum zu finden ist. eine drehbewegung der männlichen alpendjango-köpfe ist sehr oft die folge. allerdings nicht hin zu diesen beinen, sondern weg! man könnte dies auch mit fluchtinstinkten umschreiben.

welche der beiden varianten nun als positiv und welche als negativ bezeichnet werden kann, ist nun schwer zu definieren. die weiblichen alpendjangos und terroristinnen haben da sehr häufig gegenteilige ansichten als die männlichen exemplare.

wie sieht das nun mit einem erkennbaren defizit an gehirnbetätigung aus? und woran erkennt man so ein defizit an einem freilaufenden alpeneuropäer oder terroristen?

nun, das ist recht einfach: sogenannte importeuropäer, erkennbar an gelackter kopfbehaarung in dunklerer ausführung, drehen allen beinen den kopf nach. egal, wie sie aussehen und wo der rocksaum zu finden ist, hauptsache, es handelt sich um eine beinträgerin! nach erfolgter eroberung wird diese dann mittels kopftuch und bettwäsche vor der umwelt geschützt. oder die umwelt wird vor ihr geschützt, diesbezüglich gibt es keine gezielten beobachtungsergebnisse. anders ist es bei den ursptrünglichen alpeneuropäern: diese beginnen bei anblick eines massiv-gebirgstauglichen zentnerbeines mit den augenbrauen zu zucken und noch undeutlicher zu lallen als unter dem gewöhnlichen alkoholeinfluß. und schlußendlich die erkennbarkeit bei terroristen, die ist sehr einfach: zusammenkommen von sauerstoffmangel und frei sichtbaren beinen jeglicher form und jeglichen formates lösen plötzliches fallenlassen von müll jeder art und gleichzeitigem zücken eines fotoapparates an allen möglichen und unmöglichen lokalitäten aus. blitz und bruzzel und feddisch issa, der olle touri…

gibt es sonst noch auffälligkeiten zur herrschenden großwetterlage, dem drohenden stauwochenende und den europäern? klar! europäer werden in blechdosen hingekarrt, wohin auch immer asphaltbänder führen, vorzugsweise zu straßenräubern des 21. jahrhunderts, den italienern. auf dem weg in deren reich werden, soweit es nur irgendwie machbar ist, alle kreuzungen verstopft, klaustrophobieanfälle und kreislaufkollapse en masse und dazu weißwürste und weißbier, was auch immer das sein soll. und ist dieses nicht verfügbar, ein hefeweizen tut’s auch… und die angestammte alpenbewohnerschaft dreht am rad…

und ist der spuk vorbei, bleiben einige kfz-mechaniker auf ihren rechnungen und die landbevölkerung auf zigarettenstummeln sitzen… und die filmrollen in den mittelalterlichen radargeräten müssen ausgewechselt und schöner erinnerungsfotos ausgearbeitet werden.

fazit: touristen, oder auch terroristen, sind mindestens so bradngefährlich wie elefanten in miniröcken… und alles dreht sich im kreise…

Ok, so I know we announced it at around Christmas, but *now* the Mindstab AI Go Competition is starting to get under way. Both Rob and I now have entries that can compete, though mine is mostly just an over engineered random bot, until I get even more framework in place.
Still, everything has really started happening this week as now that school is over, I've had some time to devote to this, so my bot finally got off the ground. And then we got together to day and hacked on the server some more cleaning it up, and making an 0.2 release of out Go client/server software.
Finally, and most fun, we whipped together a Matchs page where you can see all the results of games so far. See, real proof that things are happening!
So with this out of the way I can really start to focus on the bot. To that end I've defiantly come up against some quicks in Lisp and SBCL. But then today we were also working in C, Python and PHP and we certainly came up against some quirks in the first two (oddly PHP really does manage to get out of your way and let you do your thing). Still, I think I have things mostly worked out and I can focus on the bot. Which is fun because I'm finding for the most part I'm really enjoying coding in Lisp and Slime+Emacs is pretty rocking. As for the bot, I'm excited. I've got some fun plans for it and I haven't done nearly enough fun coding since school's been on.

Right, so when doing C development on Ubuntu I suddenly noticed something was missing in the pan pages department. Like all the C api.

apt-get install manpages-dev

ah that's better. Someone might want to make it part of the 'build-essentials' package.

The Spring '08 semester has finally drawn to a close. I'm so glad I'll be able to go back to getting reasonable amounts of sleep, and not going to school for several hours a day, then working close to 40 hours a week as well. I'll be much happier being able to split my time between BIOSLEVEL.com and Buffalo Wild Wings.

For BIOSLEVEL, Sapphire recently sent us new AMD 780G chipset motherboard, Radeon HD3450, and an overclocked Radeon HD3870. Between the motherboard and Radeon HD3870, there's a pretty powerful machine just waiting to be powered. Several companies sent us additional parts for the review, which included 2GB of RAM, a quad-core Phenom CPU, and a slew of heatsinks. The reviews of the motherboard and videocard have been posted, and I've got several reviews lined up for the donated components as well. I'm just amazed at the piled of stuff that was shipped to us to power the motherboard.

Simply put, I'm surprised at how well the motherboard's ATI-based integrated graphics performed in Linux. This won't be a motherboard I let out of my sight anytime soon. Since my last final on Wednesday, I've completed an entire two reviews in a single 24-hour period. It's so ridiculously nice to have time away from school again.

Maybe this'll finally be that summer I do something truly productive (and profitable). I've got all the ideas lined up, but do I have the time or motivation to do it? Time will tell.

In Linux when I use SSH I usually pass the host and port and username on the command line and then type the password when prompted. (In those rare cases I don't use certificates to log in without a password.) In Windows, PuTTY makes you pick a host and port and then prompts you for the username AND password.

This leads to unpleasant results. I'm so conditioned to open SSH and type my password at the prompt and hit Enter that I often end up typing my password as my username in PuTTY. Bad.

I've sometimes opened webpages that have some stupid Javascript bullcrap that tries to auto-focus the username field in a login form. But if you're a fast typist (and mouse-ist) like I am, you can focus the field, type your username, and hit tab to get to the password field before the long-loading Javascript bloat has a time to load and run. Which can result in auto-re-focusing the username field, which if it happens at just the right instant, results in my typing the password into it and pounding Enter before I have a chance to notice what's happened. Bad bad bad.

I use a computer far too often to have time too read every prompt, which leads to bad things. Anyone who's used to flying around an interface at light-speed by instinct and repeated learned behavior has experienced this kind of thing I'm sure.

This is horrendously bad because these programs often log the usernames of login attempts in plaintext in logs that lots of potentially evil people have the ability to read. The logs don't usually log the passwords of login attempts, but if you type a password AS a username, oops, you're screwed. Thankfully I'm root on most or all of the machines I ever SSH to, and I can go into /var/log and erase my mistake from the logs before anyone can see. But that doesn't help for web pages I don't know. And I wonder how often this kind of thing happens to other people. I wonder how many people who aren't familiar with computers accidentally send their password as their username to a bunch of websites.

After all the effort we go to to try to secure computer applications, these kinds of stupid human factors can still so easily ruin everything.

The Good

Firefox 3 Beta

Wubi

The Bad

Bootsplash

Drive encryption

The Ugly

Pulseaudio

Summary

A few days ago, I spoke with John Phillips (he is a computer science professor and adviser here at Mansfield) and I found out that I had made three class-selection errors in my Fall 2008 schedule. Luckily, he was able to set me on the right track. My new schedule is linked below. Instead of Accounting II (sorry to Dave and Vinnie), Data Structures (sorry to Dan McKee), and Honors Research (sorry Sara, Andrew, and others), I will be taking Computer Organization, Finite Math, and Principles of Microeconomics.

Revised Fall 2008 Schedule (PDF).

After the big download, I kick-started the installer and I couldn’t believe my eyes: That service pack wants to have 1475 MB free space while installation - true, that number sounds scary, but it wasn’t better with the second service pack.

Since the machine boots again, I am looking through application changes - in other words, what does not work any more. But luckily it is only the ATI-Catalyst 8.2 having problems: screen rotation does not work any more. I have not spotted anything else acting strange by now…

After one week delay, the third service pack for Microsoft Windows XP arrived. You won’t believe it: It’s even available via automatic update.

But what’s inside? First of all, it’s a huge file being 313 MB which means a rather big download and a longer installation. But what’s under the hood? Can’t tell by now. I’m just installing.

http://world.std.com/~franl/worm.html

A Slashdot article reminded me of one of my favorite technical articles on the Internet entitled “A Tour of the Worm", an in-depth historical and technical look at the Morris worm. The Morris worm, mistakenly unleashed in 1988, was one of the first significant worms to strike the Internet, and it caused enough damage that it arguably has done the most relative damage of any worm since then.

Check it out if you haven’t read it, or even if you have; it’s a fascinating look at the early days of the Internet. http://world.std.com/~franl/worm.html

Here’s the thing. I hate stating the obvious. It really annoys me. On the other hand, obvious things are sometimes things that most need to be repeated. So I wrestle with myself and I finally decide that I should, because there is a shockingly large number of people out there who don’t realize how obvious this is. See if you can learn something from this mock dialog.

Vendor: Good morning, is this Harry, the CTO*, I’m speaking to?
Client: Yes, how may I help you?
Vendor: Hey Harry, this is Steve from Microsoft. I would like to talk to you about Windows Vista.
Client: What’s that?
Vendor: Why, it’s the brand new version of our Windows operating system.
Client: Oh, that.
Vendor: I was wondering if I could interest you in our product.
Client: You know what, I don’t think so, we are a very security sensitive company, and..
Vendor: But that’s precisely the reason I’m calling, I would like to tell you how you can enhance your security with Windows Vista. You see, we’ve built the operating system with security in mind and it’s the state of the art in operating systems.
Client: Hey, that sounds pretty exciting. So how does this work now, you ship us the source code and…
Vendor: No no, we don’t distribute the source code.
Client: You don’t?!?
Vendor: No, you see it’s a trade secret. (my precious etc)
Client: You’re kidding, right?
Vendor: No, really.
Client: So how do we know that it’s actually secure if we can’t see for ourselves? How do we know there isn’t anything malicious in it?
Vendor: Well you’ll just have to trust us.
*Harry hangs up*
Vendor: Hello? Harry?
*CTO - the highest placed person who makes technical decisions in a company.

How did it go? Did you get it? It was kind of a long thing, huh? Ok, stop racking your brains, I’ll give you the answer: no source code, no security.

Here’s how that works. It’s simple economics, so try to keep up. If they give you the source code, then they put their cards on the table. You can see what the code does, and if it’s doing something stupid (security hole) or nasty (like sending your data to back to the vendor), then you’ll be able to check for this. Now you may say “I don’t know how to check”, and that’s okay. But just by giving you the source code the vendor knows that you can see everything the code is doing. And if you find something nasty in there, they know you’ll never trust them again. So it doesn’t really matter if *you* don’t know how to check, because there are others who do, and sooner or later someone will find the nasty code if it’s in there. Thus, if the vendor gives you the source code, then he’ll be a lot more careful about what’s in there, because he’s risking losing your trust and your business forever. That will keep him honest.

Is there then anything surprising about finding out that Microsoft is putting in backdoors in Windows? No, because how would you know it’s there? You don’t have the source code! In case you were wondering, the words “security” and “backdoor” are mutually exclusive.

So what have we learned today? Is there somehow we could summarize all this in just one sentence? There is: If you want security, ask for the source code. If you can’t get the source code, you know that the vendor isn’t taking security seriously.

  * ERROR: net-fs/nfs-utils-1.1.2-r1 failed.
 * Call stack:
 *       misc-functions.sh, line 652:  Called install_qa_check
 *       misc-functions.sh, line 360:  Called die
 * The specific snippet of code:
 *   		[[ ${abort} == "yes" ]] && hasq stricter ${FEATURES} && die "poor code kills airplanes"
 *  The die message:
 *   poor code kills airplanes

I had to undelete someone's files from a FAT partition today. My first thought was to use good ol' Windows to do so, given that Windows is the unholy ground which spawned FAT to begin with. I remember there used to be an UNDELETE command of some sort in some old version of DOS. But this doesn't seem to exist in XP any longer.

There are however lots and lots of third-party "shareware" programs which can do this kind of thing, as Google reveals. There is in fact an overwhelming number of such shareware programs. Most of these programs are total crap and cost around $30. One program required me to burn a CD and reboot my computer from the CD before I could run it. Many of the programs "intelligently" scan a partition looking for chunks of things that look like JPEGS or WMVs. I tried a few "demos" before I gave up, not having an hour to waste finding the one program that would work. Thus bringing the current score to Windows: 948, Brian: 0.

Instead I brought the drive home and plugged it into Gentoo and used this post as a guide. I dd'ed the partition to a file, fscked around with it a bit, mounted it via loopback, and had my files back. Took 10 minutes, and worked as expected. And it didn't cost me $30.

The moral of this story: I need to burn a Knoppix disk to take to work with me.

My only quibble is that I can never ever remember what Gentoo package contains fsck.vfat. Note to self, it's dosfstools. I can never think of the search terms even to locate that package. I had to google it.

My ninth call to Westinghouse today, about my Westinghouse L2410NM 24" LCD monitor which I RMA'ed back in March, revealed that they did in fact shipmy monitor, supposedly to my house, on April 4th or so. A UPS tracking number confirms it. There are are a few things wrong with this.

1. In spite of the fact that I asked for a phone call to be updated on the status of my monitor whenever it was shipped, I received no such phone call.
2. During the four phone calls (or was it five?) I made to Westinghouse in April, AFTER my monitor was supposedly shipped to my house, no one at the company had any record that it shipped. I was told that by multiple representatives over the past four weeks that my monitor was "in processing".
3. I asked for my monitor to be shipped to workplace, not my house. My nice, safe, cozy workplace with human beings who can sign for large expensive packages. Not my empty house in a neighborhood full of drug addicts, in the property theft capital of the west. In addition to telling the phone representative this, I actually taped a 8.5 x 11 inch sheet of paper directly to the monitor itself (as well as the outside of the box) specifying SHIP TO: and my work address. Even such drastic measures were not enough to catch the attention of whatever magical monitor-repair fairies work at Westinghouse, apparently. Perhaps I should've carved that information directly into the monitor screen.
4. I could possibly overlook the above, except that, as you may have surmised, at the present time, I do not, in fact, have my monitor.

After calling up UPS to ask why their driver left a $450 computer monitor, in a shiny bright blue and white box with pictures of a computer monitor all over it, sitting on my front porch while I was at work without getting my signature, I placed call number ten (yes, I've finally hit double digits!) to Westinghouse, and managed to escalate my issue to the Westinghouse corporate office. Supposedly in 7-10 business days they will send me a brand new monitor.

Oh how I wish I had any confidence that I'm ever going to see that monitor.

In the meantime, this guy was on sale at the local store, so I bought one. Time will tell whether LG brand is any better than Westinghouse. This time, I also bought the extended warranty, having learned my lesson that it can, indeed, be worth an extra $60 to save myself some pain and aggravation later. I'm also going to think twice about buying things like this over the internet in the future. There is something to be said about being able to drive 10 minutes down the road to have your property serviced or replaced by real-life human beings, rather than paying to have things shipped around the world for a month.

Computers are a love/hate thing for me. I love all things digital, but I desperately need to get away from it sometimes too. So I had a nice vacation away from my computer last week. I couldn't keep myself from reading some mailing lists and hitting Slashdot once a day, but I didn't write a single line of code and didn't give my websites or work projects or anything much thought.

But now my vacation is over, and it's so easy to fall back into old habits, endlessly looking at webcomics and reading articles about Common Lisp unit testing suites and cringing at the latest drama amongst Gentoo devs and minding my message board like a crusty old beat cop making his rounds. It's the life I've chosen, and I do like it, but I do like getting away sometimes too.

I fulfilled one of my dreams last week when I finally caved and ordered a solid glass mousepad. They're pretty cheap on newegg.com, depending on the color you want. I happened to want green, and it happened to be the cheapest, so all is well. It looks very nice, and it's big and hopefully the surface won't degrade over time; I tend to eat through mousepads via a slow yet inexorable process of erosion.

Unfortunately my laser mouse doesn't work on it. However, I have learned that if I upgrade my mouse's firmware, it will magically be able to work on a solid glass mousepad. Who would've thought my mouse had updateable firmware, let alone that updating the firmware would allow it to work on new surfaces? Not I.

The bad thing is that I need freaking Windows XP to upgrade the firmware on my mouse. I don't have any computer that has XP on it and I'm afraid to try anything in a virtual machine that involves something as dangerous as fiddling with the innards of connected peripherals. So I tried to install XP on my laptop, desperate times calling for desperate measures. But of course the install failed because my XP install CD is so old (pre-SP1, received free from my college 7 years ago) that it didn't recognize most of my hardware. In fact, the XP install CD blue-screened, which set a new record for how low Windows could sink in my opinion.

So I tried slipstreaming SP2 into my install CD. But it failed because, get this, the filenames of some drivers on the CD, namely usbehci.sys, ended up in lower case rather than uppercase and the CD's install program couldn't locate them. I kid you not. Since when is anything in Windows case-sensitive? Is it running Linux? I had to burn another CD after renaming all the files into uppercase. Then the CD worked, but it couldn't find my hard drive, probably due to missing SATA drivers. At that point I gave up, and plan to take my mouse to work tomorrow to upgrade the firmware on a work machine that has XP on it.

And so the score up to this point in my life is Windows: 947, Brian: 0. Windows remains undefeated.

Thanks go out to Logitech for not letting me use Vista (or, say, LINUX) to upgrade my mouse's firmware, and of course to Microsoft, for yet another gloriously broken and frustrating computing experience.

Google’s SketchUp is an incredibly easy-to-use architectural and 3D-modeling tool. The Computer Science Club here at Mansfield has been talking about modeling the university for a 3D perspective in Google Earth, similar to what Google Earth provides for New York City and other metropolitan areas. Recently, I have been experimenting with SketchUp. A free version is available from the website and a professional version can be purchased for about $500. People enrolled in Universities can obtain the professional licenses for $50 a year. The $50 counts towards purchasing a full license, so after 10 years, it’s yours forever. Or, you can pay for the educational license for 3 years and pay the rest of the money up front.

At a first glance, SketchUp seems to be too simple to be worth anything. Upon further investigation, the simplicity seems to come from Google’s innovational perspective. Google has outdone themselves with SketchUp. It is amazingly easy to pick up and create simple objects. More complicated objects can be created with some practice. I have spent about an hour and a half working with the program. First, I watched the beginning tutorials. Then, I went straight into making objects and refining them. It’s amazingly simple. Just make a shape, pull it up to give it depth, draw other objects on it, and manipulate them. It’s amazingly simple.

In about twenty minutes, I was able to make the desk that I use here at school. Keep in mind that it isn’t 100% perfect, nor is it 100% to scale. I have never seen a program this simple. With an hour and a half of experience, I was easily able to make this (click to enlarge):

Here is the front of it:

From an angle:

From the side (notice the arches in the drawers):