• The virtualized system can be minimal when it comes to features/packages which makes it less vulnerable to attacks (every software you install is a possible security flaw).


• The virtualized system can be treated like being on a different network or like being in a demilitarized zone.


• You can buy pre-built and automatically updated appliances that do the job. Those are expensive but some people are really into paying for stuff that could be free.

about some time ago, some gentoo developers (starting from tsunam) published photos of their working environments.

so let's if i can trigger some gentoo users :)

here is mine:

everything i need is in place. on the left you can see an external drive (the red one) and a modem/router on the left of it. behind my screen lies my laptop (next to the laser printer) and next to my mouse i use to place the stuff i am currently reading :)

next to my office i have a bench where i have placed a scanner, an audio amplifier and my old laptop (which is actually my current desktop pc, connected to mouse/keyboard/screen seen on the previous photo).

i ping kargig, agorf and dirk r. gently :)

Unit is a mobile application for tracking lists of owned, loaned and borrowed assets (such as books, CDs, DVDs or board games) using Android mobile platform.

Vista has this really cool feature. When I log in to work via VPN and then close my laptop's lid to put it to sleep, when I open the lid later, I get the CTRL+ALT+DEL login screen as normal, except that my mouse cursor is now invisible! If I can somehow manage to position the invisible mouse cursor over a button, let's say the one to shut the computer down, and I click it, Vista says something about not having enough memory to perform that operation, and crashes or hangs!

Oh wait, that's not a feature. That's a big hairy stinking bug. My mistake.

The Gentoo 2008.0 Beta has been in existence for a few months, but I've only recently gotten around to testing it. Obviously I like the updated kernel and hardware detection since the last release, but there's a few things I'm not a fan of, or rather, one large thing:

A graphical installer for installing the base system. I don't know. I guess it'll make it easier for new Gentoo users, but I think I may very well stick to the good old command line for installation. With each release, Gentoo seems to be moving farther and farther away from what it used to be.

Will the graphical installer include support for a Stage 1 installation? I doubt it. In Stage 1, everything on the computer is compiled natively according to the user's settings. For example, a base system comes with components X, Y, and Z. In a stage 3 setup, these components are pre-compiled and left alone. In stage 1, each of these components are recompiled for optimal use.

I just hope Gentoo doesn't move towards using binary packages.

xkeymap.keycode.108 = 0x138 # Alt_R
xkeymap.keycode.106 = 0x135 # KP_Divide
xkeymap.keycode.104 = 0x11c # KP_Enter
xkeymap.keycode.111 = 0x148 # Up
xkeymap.keycode.116 = 0x150 # Down
xkeymap.keycode.113 = 0x14b # Left
xkeymap.keycode.114 = 0x14d # Right
xkeymap.keycode.105 = 0x11d # Control_R
xkeymap.keycode.118 = 0x152 # Insert
xkeymap.keycode.119 = 0x153 # Delete
xkeymap.keycode.110 = 0x147 # Home
xkeymap.keycode.115 = 0x14f # End
xkeymap.keycode.112 = 0x149 # Prior
xkeymap.keycode.117 = 0x151 # Next
xkeymap.keycode.78 = 0x46 # Scroll_Lock
xkeymap.keycode.127 = 0x100 # Pause
xkeymap.keycode.133 = 0x15b # Meta_L
xkeymap.keycode.134 = 0x15c # Meta_R
xkeymap.keycode.135 = 0x15d # Menu

In the last-post, I went through the most popular Firefox extensions and talked about whether they were good ideas or not. However, it seems that not a lot of people think about another side to this, i.e. what are your Firefox extensions licenced under?

It turns out that a lot of the extensions available through Firefox are not free/open source software at all.

One example is the StumbleUpon Extension. StumbleUpon is a web service that allows you to share links with other users. Sometimes readers have shared this site and my number of visitors have gone up (cheers for that). StumbleUpon is commonly used through a toolbar provided as an extension through Firefox or Internet Explorer, (and a comment-in-the-last-post reminded me about it).

This made me think, what is the licence of this Firefox extension? If you go to the StumbleUpon-homepage, there is no software licence or terms at all. If you click the "Download now - Free" button, you go through to the download-page, still no licence or terms. I unzipped the extension, looking for a software licence, nothing. This made me very suspicious, when people are proud of their licence, they put it right in front of you, what are they hiding?

Eventually, after a bit of digging and Googling, I found their Toolbar-License and guess what? Yes you guessed it, it is proprietary software. So if you want to run free software/open source, then get it off your system now!

Their licence only gives you:

"a non-transferable ... non-sublicensable ... license to reproduce (solely to install and execute) the Toolbar on one of your computers, in executable object code format only, for your personal, non-commercial use only,"

Of course, the "Toolbar" is released as a Firefox extension, in plain-text Javascript and XUL, not in object code format. There is not really object code at all in Javascript, object code is a C term. But the lawyer writing the boilerplate probably didn't know or care about the difference. Anyhow, the licence continues:

"You may not modify, make derivative works of, copy, reproduce, publish, or reverse engineer the Toolbar"

This is in complete opposition to free software/open source, where all users have four freedoms:

• The freedom to run the program, for any purpose (freedom 0)
• The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

Don't sell out your freedoms so cheaply! If you want the most free software computer possible, look up the licenses of your extensions.

For example, here are five popular extensions that are free software/open source:

• Firebug: Mozilla Public License 1.1
• Flashblock: Mozilla Triple Licence (MPL 1.1/GPL 2.0/LGPL 2.1)
• AdblockPlus: Mozilla Public License 1.1
• FireGPG: Mozilla Triple Licence (MPL 1.1/GPL 2.0/LGPL 2.1)
• NoScript: GPL

Please do audit your own, and let us know what you find. Knowing which extensions are free and which are not free would be really helpful.

Digg-entry

StumbleUpon is a web service that allows you to share links with other users. Sometimes readers have shared this site and my number of visitors have gone up (cheers for that).

StumbleUpon is commonly used through a toolbar provided as an extension through Firefox or Internet Explorer, and a comment-in-the-last-post reminded me about it.

This made me think, what is the licence of this Firefox extension? If you go to the StumbleUpon-homepage, there is no software licence or terms at all. If you click the "Download now - Free" button, you go through to the download-page, still no licence or terms. I unzipped the extension, looking for a software licence, nothing.

Eventually, after a bit of digging and Googling, I found their Toolbar-License and guess what it is proprietary software, so if you want to run free software/open source, then get it off your system now!

The licence only gives you:

"a non-transferable ... non-sublicensable ... license to reproduce (solely to install and execute) the Toolbar on one of your computers, in executable object code format only, for your personal, non-commercial use only,"

Of course, the "Toolbar" is released as a Firefox extension, in plain-text Javascript and XUL, not in object code format. There is not really object code at all in Javascript, object code is a C term. But the lawyer writing the boilerplate probably didn't know or care about the difference. Anyhow, the licence continues:

"You may not modify, make derivative works of, copy, reproduce, publish, or reverse engineer the Toolbar"

This is in complete opposition to free software/open source, where all users have four freedoms:

• The freedom to run the program, for any purpose (freedom 0)
• The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

There are many things that seem reasonable to the average rational person, but then there are some that just seem absurd.

First, a little background. Security is not just a playground for hackers and software companies. It seems that way sometimes, but security has become a rather potent industry in its own right since the days of the first well publicized viruses and Windows exploits. So much so that finding and reporting security exploits is now commonly a job rather than an underground, subculture activity. There is a bunch of people who are employed to do this now, and who effectively drive the standards for security by publishing bugs in various products.

Now, whenever something has value of some kind, simple economic principles naturally imply that it can be used in a trade. Security vulnerabilities indeed have certain value. By discovering a weakness in a product that noone else knows about, you stand to gain something if you decide to use it maliciously. If not, you may still consider selling it to someone who will use it maliciously. And if you’re just not into that kind of evil, you still have a certain leverage over the vendor that sells this product, because you know more about it than they do. So you could easily contact them and say I found a weakness in your product, which allows people to steal your customers’ data. Although I don’t intend to abuse this personally, we both know there are plenty of people out there who do, and who work hard to find these bugs themselves. If this weakness in your software should remain intact, and abused by someone, you’re gonna be in a lot of trouble. So how about you recompense the efforts of my research and I will hand it over?

As a vendor, this isn’t the most pleasant email to get. But after all, this person has found something that is our fault, and we have only ourselves to blame for selling something that has such an obvious weakness in it (or we don’t think it’s serious and we’ll just wing it, hoping noone gets burnt on this). Okay, raw deal for the vendor, but if you’re selling something that your customers bought in good faith, and it turns out it could pose a threat to their data, it’s definitely your fault.

Depending on how successfully this person is able to negotiate with the vendor, the outcome may be various. But if the [let's call him a] researcher isn’t able to come to terms, the next best thing is just to make it public. Like we saw already, a vulnerability has a certain value. If you’re not able to claim this in hard currency, you’ll at least want the recognition for finding this bug so that you can hone your reputation as a security professional and maybe someone will give you a [better] job.

But there is a problem. As we know from every Hollywood corporation-vs-little-guy story, companies always respond to threats the same way: calling their lawyers. The lawyers always try the same thing: hush it up. So they send out lots of scary documents, trying to shut the guy up. And whatever your legal position is, you’ll never win, cause corporations have armies of lawyers (armies of janitors too, actually, armies of everything). So chances are they will successfully silence you and your plan of publishing the vulnerability fails. You don’t get any money, and you don’t get any credit. The vulnerability remains intact, the vendor, even if they know how to fix it, probably won’t do anything about it cause noone is pushing them to.

This is the bizzarre landscape in which an industry, which would otherwise seem absurd, somehow makes sense. These security researchers don’t have protection against legal warfare, so there are actually certain companies now that trade in vulnerabilities. They will buy them from researchers and then try to reclaim a profit from the vendor, or even sort of broker the deal without putting the researcher in jeopardy. This way, the researcher can either get money for it, or if that fails, publish it.

Not surprisingly, vendors make a big stink about what they call “responsible disclosure” (ie. telling them first, hoping they don’t try to silence you I guess), but the truth is they abhor these things being made public, as Jonathan Zdziarski explains at length.

*

Incidentally, if you’re at all interested in security, you should check out some of the fascinating talks on security from various security events. Conferences like DefCon generally publish all the talks online. You’ll be blown away by what’s actually possible (and not just possible, probably being done right now) and your perception of how secure you should feel online will be changed forever. If you want to be both enlightened and entertained, try Dan Kaminsky, he likes to showboat.

I recently looked at the forthcoming Epiphany browser based-on-Webkit. However, some people told me that Firefox has so many extensions that it would not be possible for a new browser to compete, even among the target audience of GNOME users. Is this true?

I am not a C hacker and don't want to be at this stage, so I can't really help with the heavy lifting in finishing the new Epiphany. However, the previous Gecko-based version allowed you to write extensions in Python, so if that is true in the new version, I could write an extension or two.

The old gecko version of Epiphany had various extensions, and a dozen or so of the best were bundled in the Epiphany-Extensions package.

Firefox extensions

It is early days because, as far as I know, the new Epiphany extension API is not written yet, however, we can do a little research about Firefox extensions, and seeing which ones are worth replicating on Epiphany. I myself have FireGPG (allows you to use GPG with webmail), Flashblock (blocks Flash movies unless whitelisted) and FireBug (see below).

There are 2353 add-ons and themes in the Firefox add-on database, several are abandoned in that they have not been updated to work with modern versions of Firefox. The bottom 1000 have had very little impact. For example, the "Et Lolcat" extension translates English to 'locat', it has only been downloaded 26 times ever. I doubt the lack of a lolcat extension is going to prevent anyone from using Epiphany.

As you might expect, outside the big hitters, the popularity of extensions tails off pretty fast. The top few add-ons have been download hundreds of thousands of times, the 100th add-on has been downloaded 10,000 times, the 1000th add-on has hardly ever been downloaded by anyone.

So lets ignore all the themes as Epiphany themes according to your desktop theme; lets also ignore all the abandoned extensions and the extensions which have never really been downloaded by anyone. So we can say there are less than 500 extensions that are actually relevant for our purposes. This is still a massive number. I cannot think of another piece of software that has 500 active extensions.

In the rest of this post, I look through the list of the top 100 downloaded-add-ons. This list of course is dynamic, so will change according to when you view it. So where I have included a number, it is the position in the top 100 when I looked at it. Do not worry I don't talk about 100 add-ons, a lot of the top 100 add-ons are themes and dictionaries which I have ignored.

The top three

Video DownloadHelper (1) - This allows people to rip videos out of sites like Youtube, as does UnPlug (37) and a million others. This could be easily replicated by Epiphany but maybe a better approach would be a "save-as" button in Gnash? Likewise Flashblock would not be required if Gnash has an option for "only play when the user agrees to".

Adblock Plus (2) provides advert blocking, as does Adblock and Adblock Filterset.G Updater (38). In the old Epiphany, there already was a decent adblock. This can and no doubt will be easily replicated by an Epiphany extension.

NoScript (3) provides blocking and white-listing of Javascript. This could be easily replicated by an Epiphany extension. Epiphany already gives you the ability to turn Javascript on and off globally, the extension just needs to give the ability to control this behaviour per site.

Not all extensions are priorities

IE Tab (7) allows Windows users of Firefox to open non-standard webpages in IE. This is not available on Firefox for Linux so is irrelevant. People should not write IE only webpages.

Next we have the replacements for Firefox's rubbish download dialog: DownThemAll (4), Download Statusbar (6), PDF Download (10), Fast Video Download (15), ScrapBook (28). Hopefully Epiphany's download dialog will be good enough out of the gate. So these are not a priority.

Foxmarks (9) and Speed Dial (29) are replacements for Firefox's annoying bookmarks dialog. Epiphany's bookmark manager is better, so these extensions are not a high priority.

Greasemonkey (5) is a higher level extension tool, it basically makes it easier to write extensions for Firefox, especially per site extensions. If Epiphany's extensions are easy to write, this will not be needed.

The Fasterfox (17) extension allows you to prefetch pages, as well as make concurrent connections, i.e. download the same page ten times at the same time. I am undecided weather this extension is a good idea for the web. I wouldn't want people using it on my sites.

A web browser is not a desktop environment or package manager

Quite a few of the extensions use Firefox as a convenient way to make and distribute an application, not surprising as Windows does not have a package manager. These extensions may have none or only tangential connection to the fact that Firefox is a web browser. Many of these in Linux would work just as fine or better as a separate application, indeed many equivalent applications already exist and are probably better.

FireFTP (18) is an FTP client, GNOME has GFTP which is perfectly fine. FoxyTunes (27) is a media player frontend, Linux has billions of media players. Forecastfox (12) tells you the weather, the GNOME desktop already tells you the weather, we can even look out a window. Likewise, FoxClocks (30) tells you the time, which the GNOME desktop does by default. After 40, we have RSS Readers such as the "Feed Sidebar" and "Sage", as well the IRC client ChatZilla. GNOME has lots of RSS Readers, e.g. Straw and Liferea, and Linux has lots of IRC Clients. The best way to use IRC is to use a client that can run 24/7 on the server, such as Irssi.

ScribeFire is a Firefox extension that provides a text editor for blogging. There is GNOME-blog available through all the package managers, but I prefer to use a real text editor. FoxSaver is an extension to provide a screensaver and photoviewer, GNOME has the Eye of GNOME image viewer and its own screensaver. ReminderFox (35) provides reminders, as GNOME already does.

PicLens (8) provides desktop effects for Firefox on Windows. It is not available for Linux, but Compiz with Epiphany does a better job. The same applies to "Tab Effect" (21) and FireGestures (24).

The Firebug (13) extension is a fantastic toolkit for web designers that turns your browser into a complete Dreamweaver clone. This would perhaps be better as a webkit based application, the same goes for "Web Developer" (20).

"Better Gmail 2" (14) provides extra options for Gmail, turning Gmail into a rich desktop application. The whole point of web-based email is that you can access it from any computer anywhere without special software. If you want to use installed software, then Gnome has Evolution which is richer than any web application.

I also skimmed through the 100 to 200 most popular add-ons, and it was more of the same. I hate to be a snob, but it seems that the most downloaded extensions are not necessarily the best ones!

Conclusion

There are many hundreds of Firefox extensions, some of them are absolutely fantastic, however many are repetitive, many also replicate things that already exist on a GNOME based system by default or are quickly available in the package manager. A large number of the extensions are old and have not been ported to modern versions, and some of them are just bad ideas.

This survey has convinced me that it is quality not quantity that matters, that with just 20 well chosen extensions, Epiphany could offer the features that 80% of GNOME users want, with 50 well chosen extensions, it could offer the features that 95% of GNOME users want. I am talking about extensions that actually have something to do with web browsing, not turning Firefox into a jukebox, or into a calendar, into a Compiz replacement, or into an operating system of its own.

I made a few small changes to BIOSLEVEL tonight. This is after trying to complete a new review or two this morning, but found myself unable to complete because my camera has decided to go haywire. More on the camera later. Let's look at what I've changed with BIOSLEVEL.

Changes to BIOSLEVEL

The changes aren't too numerous, nor are they complete yet. First off, I've altered how the <title></title> tags are done, so article names are now displayed rather than just "Article & Reviews". Hopefully this improves the site's overall SEO. The second part of the update comes in the form of some buttons for our article & review pages: Digg It, E-Mail Page, and Stumble Upon.

E-mail Page will either open a new window (smaller) or within the same window a page that allows them to e-mail the article's introduction, title, image, and link to someone's e-mail. I obviously won't track e-mail addresses, but should I keep track of how many times the feature is used per article? Obviously, I haven't implemented this feature just yet.

Digg It submits the story to digg. Obviously. Stumble Upon submits the story to Stumble Upon, but I haven't added the link for this just yet. I'd also like to add some icons for Reddit and a few similar services as well. Anything to build up more traffic.

Camera Woes

My aunt bought me a Cannon PowerShot S1 IS a few years ago for Christmas. At $400 at the time, the S1 IS was only a 3.2MP camera, which is really more than I need. I spent some time debating this morning while looking through cameras on NewEgg.com

I almost bought the latest version of my camera, which boasted a whopping 8.1MP and a 12x optical zoom, whereas my camera only has a 10x zoom. I ended up purchasing the Nikon D40, a DSLR camera. It'll be my first DSLR, and I'm really hoping that my older SLR lenses will still work with it.

There's more functionality in this camera than I'll probably ever use, but I'm also up for experimenting with it. The important part, however, is that I'll be able to take shots of products to complete my reviews.

Take a peek at BIOSLEVEL for the said updates, and watch for a new review in a day or so. Also expect another entry here in the near future.

ssh.py provides three common SSH operations, get, put and execute. It is a high-level abstraction upon Paramiko.

I wrote it yesterday for my own needs, so it is still very much in the beta stage. Any improvements or comments gratefully accepted.

In short, it works as follows:

import ssh
s = ssh.Connection('example.com')
s.put('hello.txt')
s.get('goodbye.txt')
s.execute('du -h --max-depth=0')
s.close()

That is it, in the rest of this post, I walk through this line by line.

Installation

First, we need to install paramiko, if you don't have it already.

On Gentoo Linux:

emerge paramiko

On Ubuntu/Debian and so on:

apt-get install python-paramiko

If you want to use Python's easy_install then:

easy_install paramiko

Secondly, you need to grab the ssh.py module, grab it from my code-page, and save it as ssh.py.

Connecting to a remote server

To play with the script interactively, you need to start Python:

python

Now, import the ssh module:

import ssh

Next we need to initiate the connection. If your username is the same on both systems, and you have set up ssh-keys, then all you need to do is:

s = ssh.Connection('example.com')

Connection supports the following options:

The host is essential of course. Port defaults to 22. The username defaults to the username you are currently using on the local machine.

You need to use one of the authentication methods, a private key or a password. If you don't specify anything, then ssh.Connection will attempt to use a private_key at ~/.ssh/id_rsa or ~/.ssh/id_dsa.

So to specify a username and password, you can do it like this:

s = ssh.Connection(host = 'example.com', username = 'warrior', password = 'lennalenna')

Of course, Python also allows you to use the order to specify the arguments, so the last example can be written as:

s = ssh.Connection('example.com', 'warrior', password = 'lennalenna')

Operations

Once you have set up the connection, there are three methods you can use. Firstly, to send a file from the local machine, you can use put:

s.put('hello.txt')

The above example copies a file called hello.txt from the current local working directory to the remote server. We can also be more explicit if we want:

s.put('/home/warrior/hello.txt', '/home/zombie/textfiles/report.txt')

So the above example copies /home/warrior/hello.txt on the local server to /home/zombie/textfiles/report.txt on the remote server.

The second operation works in a similar way but in reverse:

s.get('hello.txt')

get takes the file from the remote server to the local server, again we can be more explicit if we want:

s.get('/var/log/strange.log', '/home/warrior/serverlog.txt')

The above example copies the strange.log from the server and saves it as serverlog.txt.

The last operation is execute, this executes a command on the remote server:

s.execute('ls -l')

This returns the output as a Python list.

Closing the connection

You can do as many operations you like while the connection is open, but when you are finished, you need to close the connection between the local and remote machines. You do this with the close method:

s.close()

There we go, that is all I needed to do with SSH. Please do let me know using the comments below if you have any problems using it.

If you import my module in your program and later find that you need more power or flexibility, you should be able to swap it out for the full paramiko with a minimum of fuss.

<someone> What are you doing in front of your computer all day?
<me> Hmmmmm, I'm working ... kind of.
<someone> All the time?
<me> Not all the time, but well, probably most of it.
<someone> Aren't you chatting or stuff like that?
<me> Yep, but that's not the type of chatting you're used to I guess.
<someone> What are you working on?

<me> Well, there's this Open Source project, called foo I am helping a little bit here and there.
<someone> What is Open Source?
<me> Hmmmm, well ... 
[skipping stuff about available source code, licenses, the M$ example of closed sources and so forth].
<someone> Aaaaaha (I haven't really understood 75% of what you've just said but).
<someone> Are you or the others getting paid for what you do?
<me> Actually, nope, there are exceptions of course.
<me> However, chances are that someone maybe donates a few bucks.
<someone> That doesn't make any sense at all, why are you doing this?

Fun

People

Reward

1. Find a girl
2. Invite her to your appartments
3. Use subject product V (or C)
4. Have fun
5. Take her number
6. Profit?

In your scripts or applications, you might need to copy a file from one server to another. One way to do this is to use SFTP, the secure file transfer program, which uses an encrypted SSH (Secure Shell) transport which in turns runs over TCP/IP.

One of the Python implementations of SSH is called Paramiko (available in package managers as paramiko or python-paramiko).

Paramiko is extremely comprehensive so you can get as complicated as you like, but for me, I just want to be able to copy files from a known remotepath to a known localpath and back again.

In this post I explain how to do this using Paramiko directly, in the next-post, I look at another approach.

So we start by importing the module, and specifying the log file:

import paramiko
paramiko.util.log_to_file('/tmp/paramiko.log')

We open an SSH transport:

host = "example.com"
port = 22
transport = paramiko.Transport((host, port))

Next we want to authenticate. We can do this with a password:

password = "example101"
username = "warrior"
transport.connect(username = username, password = password)

Another way is to use an SSH key:

import os
privatekeyfile = os.path.expanduser('~/.ssh/id_rsa')
mykey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
username = 'warrior'
transport.connect(username = username, pkey = mykey)

Now we can start the SFTP client:

sftp = paramiko.SFTPClient.from_transport(transport)

Now lets pull a file across from the remote to the local system:

filepath = '/home/zeth/lenna.jpg'
localpath = '/home/zeth/lenna.jpg'
sftp.get(filepath, localpath)

Now lets go the other way:

filepath = '/home/zeth/lenna.jpg'
localpath = '/home/zeth/lenna.jpg'
sftp.put(filepath, localpath)

Lastly, we need to close the SFTP connection and the transport:

sftp.close()
transport.close()

In my humble opinion, one should not have to write so many lines or care about the SSH protocol just to send a file from a to b. In the next-post, I will share my own higher level API that runs on top of Paramiko.

I've been very busy the past week, mostly just for the fact that I worked eight days straight. It might have been good money, but tomorrow is a well-earned break. In these past eight days, I fell behind in some of the reviews I've been writing.

I meant to post a review of the OCZ Reaper HPC DDR2 RAM I used in my reviews of the 780G motherboard and Radeon HD3870 Toxic, but fell behind because of all the extra hours spent at work. There're several more reviews to follow the review of this RAM, but my main concern right now is the RAM.

BIOSLEVEL has several fantastic reviews coming up, but what I'm really excited about is a home theater series of articles I'm trying to plan out utilizing MythTV. We have one machine that's able to act as a MythTV box itself, as well as a MythTV server so other units can connect to it. This'll be a great option for some units such as the Asus barebones I recently reviewed for BIOSLEVEL

On the bright side of my time issues, I did manage to get a little done on a new design for this site, as well as business cards for BIOSLEVEL. Once both are completed, I'll post the final designs. Or, that is, change the design of the side and post an entry about the business cards.

1. Edit revoco-0.3.c and change the value of #define MX_REVOLUTION to the value you get for you mouse from `lsusb`. Mine is c525.
2. The auto setting was a bit whacko by default - the solenoid was clicking on and off without even moving the wheel. This worked:
   $ sudo revoco auto=10
3. Setting the manual click change to button "6" (find button) gives you the middle click (button 2) back *woot*
   $ sudo revoco manual=6
   and also gets rid of that annoying "search" keyevent which I have a keyboard for :)
4. But unfortunately, when I set the manual=6 option, the auto scroll feature turns off again :| But that's a small price to pay!
   

I listen to MP3s in the car and it's annoying when the volume isn't normalized. I can't be fumbling around with the tiny buttons on my MP3 player to adjust the volume while I'm driving. I found mp3gain and used it on a bunch of files and it appears to have worked.

If anyone knows of a better program for normalizing volume of lots and lots of MP3s, post now or forever hold your peace.

Here’s my perspective on it. We all have ideas, some good and some bad. Now it’s understandable that people who have invested themselves into a bad idea, especially if they thought it was good, are reluctant to walk away from it. It’s painful to have to realize that. But the flip side is that we have to maintain the myth of Santa Claus because, well, so many kids believe in him that we can’t let them down. Bad ideas deserve to die for the good of everyone.

The first thing a good idea must have is a real problem to solve. OpenID does very well here. The point of OpenID is to solve our common problem of the internet age: many websites, many accounts, many usernames and passwords. This is probably why OpenID still appears to some people as being a good idea.

Here’s how they do it. Instead of keeping track of your accounts on all the sites you’re a member of, just let one site keep all your account records (sound ominous yet? it did to me). Now, whenever you want to login to one of your sites, instead of using your username/password for that site, you use your OpenID login, which looks like this: http://username.myid.net. This url is effectively your OpenID provider, ie. the site you use to keep track of all your accounts. So now the site you’re logging into sends you to your provider, where you login with a username/password belonging to the account on the provider site, and that logs you into the site you were visiting. So in other words, your account on the provider is the gatekeeper to all your accounts. Sounds simple, right?

I remember when I first heard about this idea years ago. The first concern I had was that in order for this to work, I need a provider to keep track of all my accounts. So I asked myself the question: whom do I trust do this for me? The answer came back: myself. I don’t know about you, but the idea of some third party storing all my logins doesn’t make me feel warmy and cuddly. As it happens, the open in OpenID means you can choose any provider you want, including yourself. You just set up some php scritps and voila, you can use http://mysite.com as your provider. So basically, instead of storing your accounts in some “account manager” program on your computer, you do the same thing on your server. This is where the concept of OpenID died for me. I don’t want to have to depend on my own OpenID provider to work in order to use other sites. I don’t want to add a dependency on my ability to login to some other site contingent on the assumption that my own site is available and working properly at all times (which it isn’t, I have a little downtime like everyone else).

If you don’t want the hassle of being your own provider, you can pick a provider from a list. This is not an attractive fallback option, because now your account on the provider is your key to all your other accounts. If I have an account on some site and I forget my credentials, big deal, I only lose that one account. But if I lose my credentials on the provider, I lose everything.

In theory, OpenID tries to improve your overall security. The hassle of keeping track of accounts is known to us all, and we get around the problem by reusing the same (or similar) credentials on a lot of sites. This is obviously bad for security, because if someone gets your password to one site, they can access all your other accounts that use this password. So security people will always recommend that you use distinct credentials for every account. Suppose you do this, and you use OpenID to alleviate record keeping. Now, OpenID actually works against you. Your account on the OpenID provider is the key to everything. With a different password on every site, you’re that much less likely to remember what it was, therefore your account on the provider is proportionally more valuable.

There is a strange irony at play here. Supposedly, the more accounts you manage with OpenID the more useful it is. But on the other hand, the more accounts you manage with it, the more you depend on it, and the more you make it the one gateway to all your online identities for a potential attacker or for abuse by a dishonest or incompetent provider.

Most importantly, however, OpenID’s solution to the login problem isn’t a very clever solution at all. Typing http://username.myid.net is not a big improvement over a username/password form. My browser already gives me the option to login without typing anything.

Those are my reasons why OpenID is a bad idea and should have died years ago. If you want more, Stefan Brands has an exhaustive laundry list of problems with OpenID.

Something is very wrong here. Right after starting a KDE session everything looks normal.

But after running for a day we have a different story. I’m assuming this isn’t the expected behavior (if so I didn’t expect it).

This time I specifically took a screenshot to prove it, but I’ve seen it eat up as much as 1.3gb of my memory, which is rather unnerving.

kwin-kde4        4:4.0.4-0ubuntu1

Bug report.