Tag Archives: tech

LPLUG February

Yesterday was the February meeting of the LPLUG. Doug DeYoung spoke about Linux security, the methodology of cracking into Linux machines. It was a very interesting presentation, and demonstrated how useful even the smallest piece of information can be to a cracker.

Hopefully we’ll have his presentation for the web site eventually, but I’m not sure if he’ll be anxious to give us that or not, since he gives this presentation a lot.

Key signing

Key signing this evening. Some folks coming in from out of town, and, hopefully, folks from in the area that we don’t get to come out very often.

Perhaps I take it a little too seriously, but I feel that attending these events is one of my obligations to the Apache community, so that folks can verify distros. And I’m pretty well linked to anyone that is ever likely to do an Apache release. Of course, by proxy, I’m pretty well connected to people that will do releases of other software too, so it works for that too.

Using the script at http://www.cryptnet.net/fdp/crypto/pgp_party/party-table.pl to generate sheets to take to the signing, for easy verification of keys, and reduced chances of mis-copying keys as they are read off. The trick is getting people to read off of their own copy of their key, rather than just reading off of the sheet, and thus proving that they can read, not that the key is the real one. 😉

Note that the default behavior is to output a sheet for your entire keyring. If you replace the line:

@fps = `gpg –fingerprint –keyring $ARGV[0]`;

with

@fps = `gpg –fingerprint @ARGV`;

then you can just type a list of keyIDs (or names) that you wish to appear on the sheet, and get something more customized to the event in question.

On a related note, you might want to look at the GPG key with key ID 1234 5678. Just kinda funny.

Linux World Expo, summary

LinuxWorld 2003

I just wanted to write a few last thoughts on my experience at Linux World, lest I leave the wrong impression – or no impression at all, which is more likely to be the case – about the conference.

I arrived Monday evening, and left Tuesday almost immediately after giving my presentation. This was not condusive to actually experiencing anything of the conference, which did not start for real until Wednesday. I tried to get out onto the show floor, so that I could at least talk to a few of the companies there, even though they were not really set up for business yet. However, the various people in charge of such things did not feel very cooperative in that regard, so I did not even get to do that.

The nice things that did happen was that I was able to talk with some folks that I only see about 2 or 3 times a year, at most. In particular, I talked with Adam Turoff about the copyright/patent stuff surrounding Calendrical Calculations. I don’t know if I’ve mentioned that here before, but I expect it will come up again.

And, as I was submitting an article to slashdot about the 2.0.44 release, Chris DiBono conducted a mini-interview so that he could write a few additional words about the topic for the article.

In all, I came away from the conference with just a few observations.

First, New York City is an awful place, and one would have to be a lunatic to live there voluntarily. It is cold, crowded, noisy, smelly, and everybody seems to be in an absolute panic of hurry. These people need to calm down, get their priorities in order, and move somewhere where people aren’t quite so reticent to look one another in the eye.

Second, I’m unclear how any conference even remotely connected to technology can not have network in the session rooms. Perhaps I’m spoiled, but I’m really coming to expect wireless networking, or, at the very least, wired networking, at conferences. IRC is an integral part of conference-going. And, no, I’m not being facetious.

Third, I know that conference budgets are really tight lately, but if I may make a comment/suggestion. The speakers are an integral part of what makes the conference happen. It is a Good Thing to encourage them (ie, pay) to stay for the whole conference, mingle with the attendees, conduct late-night BOFs, have informal “guru is in” sessions, and so on. In addition to the fact that I *hate* rushing around, it is annoying to fly in, speak, and fly out, being unable to participate in the conference, have people be able to ask follow-up questions after ruminating on the talks, or just being able to feel like more than a hired hand. I suppose I’m whining, but I tend to feel that I’m wasting my time doing these kind of gigs, where it ends up costing me a few hundred dollars in expenses, and I don’t really get anything out of it for my troubles.

Dates and stuff

I’m waiting for my talk to start. I don’t have network in the room, and there is evidently no way to get it. This is unfortunate, as a number of my examples would benefit from having network access.

I just spoke with Adam Turoff, who is here for the Golden Penguin Bowl. I’m sorry I’ll be missing that. That could have been fun.

We also talked about Calendrical Calculations. For those of you not privy to the extended conversation, C.C. is a wonderful book containing algorithms for a plethora of non-Gregorian calendars. It comes with Lisp code, as well as translations into several other languages. I would like to write Perl modules using these algorithms. However, the “license” that comes with the book forbids using the algorithms for commercial purposes. Well, if I go to the trouble of writing the modules, I will release them to CPAN under the Artistic/GPL joint license, and I don’t intend to put any caveats in there about commercial uses.

There appears to be no way for them to patent their algorithms, and so it appears that, legally, I can do what I want to do. However, I don’t want to make enemies of these fine gentlemen. I would much rather win them over to the Open Source/Free Software mentality, and have them grant me permission on their own, without coercion. The tricky thing will be if they refuse, what can I do then. Hopefully, I can get someone to ghost-write a note to them, being more persuasive.

The book is fabulous. I don’t believe that releasing modules to CPAN will hurt their sales. I recommend this book to anyone interested in calendars. The information in here is fascinating. But smarter people than I, have said that the license agreement that comes with the book is a Very Bad Thing, and, even though it seems legally insupportable, they would still shun using the algorithms, because they have no interest in getting into a legal fight – even one that they would certainly win. Of course, with the way that silly laws like the DMCA are going, they might actually win. Then I’d be broke *and* a loser, instead of just broke.

By the way, there appears to be a GPL C implementation of these algorithms. I need to talk to that guy, and see what kind of arrangement he has with the authors, if any.

Oh, and regardless of how this all turns out, I encourage you to pick up a copy of Calendrical Calculations, by Ed Reingold and Nachum Derschowitz.

mod_perl, DateTime::, and other

Various tech things going on that I thought I’d mention.

DateTime Perl modules

The biggest one, I suppose, is that Dave Rolsky has rejuvinated the Perl DateTime module jihad that I started way back in May 2001, and which subsequently died because I did not have the time or energy to fight the status quo.

Dave’s actual note is here, and is very very worth reading if you have any interest in the state of Date/Time modules in Perl, and the general arean of date/time/calendar calculations on a grander scale.

Summary: Date/Time modules in Perl are a huge joke. There’s more than 15 ways to do any given thing (a case where TIMTOWTDI is not necessarily a good thing is when it gets way out of hand) and they might give different results. There’s no document, other than the random chicken scratchings that I have produced, that give you a roadmap of the available modules. And I really fell down on that pretty early. And, most importantly, the modules can’t talk to each other. So you can get a date in the Discordian calendar, but if you want to convert it to a date in the Mayan calendar, you’re out of luck, because they use different syntax. Or, if you have a date in the Vedic calendar, and want to know what holidays it corresponds with in China, well, that’s really hard too.

mod_perl

Well, not really much to say about mod_perl. Two things, both of them small in the grand scale of things.

One, I have been receiving the mod_perl mailing list at work for 2 years, and periodically deleting all the messages when the total unread message count goes over 2000. That’s gotta stop. It’s an important list, and I need to be reading at least some of it. So I’ve moved the subscription to home, where I have better mail filtering, and tend to be more careful about reading incoming mail. And I’m going to read it all, or at least those things with topics that seem to be important. Consider it a new years resolution of sorts.

Email, Again

SpamAssassin, for no apparent reason, stopped putting spam in /var/spool/mail/spam, and started delivering it to my users, but with [SPAM] in the subject line. This was ok for me, but was not OK for my parents, who did not have an appropriate filter in place, and so received 200+ [SPAM] messages a day for about 2 days.

Then it stopped.

First of all, I blamed this on the upgrade to Perl 5.8, but it turns out that this is one of the machines on which the upgrade was not performed. So I am baffled. Particularly about it stopping.

Oh, and a VERY important lesson that came out of this. First, don’t edit regular expressions at 1 in the morning. Second, the regular expression [SPAM] is not the same as the regular expression [SPAM] Exactly what foolish thing I did is left as an exercise to the reader.

Google rocks! (Re: Prior art)

Long long ago (mid 1995, as far as I can recall) I saw, on the Budweiser web site, a neat feature. It was a digital postcard. You selected a photograph. You typed in a message (the default message, I seem to recall, was “The weather is here. Wish you were beautiful.”) and an email address. That person received an email message containing a URL. When they went to that URL, they would get your photo and your message. And here’s the crucial part (you’ll see why later). You just clicked on the URL. There was no typing in special keywords or ID numbers when you got there. You just clicked. And while I am not certain of the exact mechanism, it seems reasonable to guess that the argument (key, ID, whatever) was contained in a QUERY_STRING argument.

Well, as this was in the early days of the web, and CGI was still young, I thought I would do the same on my site. My site, at that time was http://s.ms.uky.edu/~rbowen/kenya/ Obviously, it’s not there any more. Now it is at http://kenya.rcbowen.com/ But this was back when domain names cost $70 a year, and I was a poor grad student. If you go to the latter URL, right click on the image on the front page, and select “view image”, you’ll notice that the resulting url contains the substring “postcard”. That’s because those images have been in that location ever since – in the /images/postcards/ subdirectory.

Anyways, that’s all ancient history. Fast-forward to today.

I just got a phone call from some Silicon Valley Lawyers. Seems that eBay/PalPal is being sued by some joker who has a patent on technology that they are using. Specifically, the patent describes a method by which a user inputs a message and an email address, the system sends email to the specified user containing a URL. When that user goes to the specified URL, they get the message and/or document. This is therefore a web-based out-of-band delivery mechanism. And they applied for this patent in 1996, receiving it in 1999.

The phone call was in reference to a usenet posting that I made in February of 1996, (HERE) and another I made in May of 1996, (HERE) referring to a script that I wrote “a long time ago” which implemented this web-based postcard thingy. Another note, in December of 1996, refers to a web site that listed “a few hundred of ’em” (HERE). This clearly establishes prior art. Better yet, I am almost certain that the source code of this program appears in a book that I contributed to in 1996, but I don’t have a copy of it here. I’ll have to check when I get home.

So, this would mean that I have prior art on this “proprietary technology.” And that I can play a role in striking down a patent that is Just Plain Wrong.

I’ll post more information, like the patent itself, once I get more information. I sincerely hope that posting this here does not in any way jeopardize the case, but I just had to share this with my readers – all three of you. 😉

===================

Another relevant URL: The web.archive.org version of one of my web pages, containing a .tar.gz file of the postcard script with a file timestamp of Tue Dec 10 16:54:16 1996, and one of the files actually contains the following comment:

# Begun 12/4/95

And here we have a list of people that were using the software as of Jan 1997.

Google cache has a site discussing my script, saying that it is copyright 1996, and that the adapatation was done on Jan 4, 1996.

Here, just take it

By the way, in case anyone cares (yes, a few people have asked!) the code that is posted to this web site is released under my proprietary HJTI license. The complete text of this license follows:

————————
Here, just take it.
————————

For those of you who get your panties in a bunch about correct legal phrasing, here it is again:

—————————-
This code is explicitly placed in the public domain. Bend, spindle, and mutilate. Caveat Emptor. YMMV. BYOB. IANAL. Have a nice day.
—————————-

Clear?

Choosing a distro, chapter 4

OK, last chapter for today.

BSD did not like me. The X configuration thingy hung every time. Why? I have no idea. But I did not really feel like wasting any more time on it.

And so, I seem to have settled on (I cringe to admit it) Red Hat. The installation (8.0) was the easiest OS I have ever installed. I was very very impressed. It detected hardware without a hitch, installed quickly, and required a bare minimum of hand-holding.

Now, I have never been a big fan of Red Hat, but, wow, this was impressive. If you’re looking for something that Just Works, this very well may be it. I have been growing gradually more frustrated with Linux, because of how hard it is to install stuff. Well, this is not that.

Please understand that these systems are training systems, intended to be easy to use for beginners, and, most importantly, easy to rebuild. I don’t know that I’ll be converting my main development machines to Red Hat any time soon. But, you never know.

Choosing a Distro, chapter 3

Gentoo was a complete joke. Of course, perhaps I had the wrong ISO. It was not at all clear from the web site what I wanted. The iso, while it claimed to be a gentoo distro, was also a Unreal Tournament CD that would let you boot and play on any PC. Why is this useful? I’m not sure. But it appears that in order to install Gentoo, you have to know as much about your system as used to be the case in the RedHat 4 days. That’s for the birds.