why I joined the Australian Greens

September 17, 2006 | etbe

In 2004 I was browsing the web sites of the various political parties to see how they met my needs. The only party that stood out was the Greens. The reason for this is that they had some material on their web site that was positive towards free software and made mention of helping members install Linux (apparently they ran some sort of Linux install-fest for their members).

Earlier this year when I offered to burn copies of Fedora Core 5 for anyone who wants it, one person who accepted was Matthew Wright of the Victorian Greens. As I was in the area I dropped the CDs in to the Greens office. It seems that the principles of the Green party agree with my beliefs in almost all areas.

The Greens Charter has many points that might surprise some people, the majority of the points in the charter do not directly relate to the environment. Many people join the Greens without having the environment as a key issue, the issues of social justice, non-violence, and free flow of information attract many people. The Greens IT policy has attracted quite a number of people in the Linux community!

Also it should be noted that concern for the environment does not require that you like the environment! If you want to spend all your life inside a building in front of a computer then you still want good quality food and an absence of natural disasters. The environment is bigger than us, we depend on it, and we don’t understand much about it. The fact that different experts give differing opinions about the scope of the global-warming problem is not a reason for complacency, in fact it’s the opposite – it’s a reason to be cautious about things we don’t understand that can kill us!

The Green parties in other countries are all independent (while still loosely associated as part of the international Green movement). So there will be some differences in the policies of the Green parties in different countries. But I expect that there will be a lot in common.

A final positive thing about the Green party is the integrity of the people in the party. Unlike most politicians you can expect the Green senators to do what they promise to do and to vote according to party policy.

the next feature for a spy movie

September 16, 2006 | etbe

I have noticed that motion sensors on burglar alarms don’t detect small movements. Presumably they are also less effective at detecting small objects that move (otherwise they couldn’t be used if there were mice).

For an adult to move slowly enough to avoid detection by the typical cheap burglar alarms is quite difficult, and probably almost impossible to do reliably. For a small machine to move slowly enough that it’s combination of size and speed doesn’t get detected would be much easier.

So it should be possible to design a burglary robot that can open doors and crawl across the floor slowly enough that the alarms are not tripped. Such a robot could step over laser beams (which you always have in movies) much more easily than Catherine Zeta-Jones and then crawl up the wall to the motion sensor and disable it.

In a movie such a robot would probably be autonomous, but for constructing one in real-life 802.11 control would be the way to go.

If someone from Hollywood is reading my blog, please feel free to offer me an obscene amount of money for this idea. ;)

sendmail – the MTA for insecure systems

September 15, 2006 | etbe

Sendmail is the most prevalent Unix MTA. It is the oldest MTA and is still one of the most powerful ones that are available. However it has never been known for being secure.

http://lwn.net/Articles/176596/

Most of it’s bad reputation comes from regularly having serious security holes. The above URL has the most recent one. Neither Qmail nor Postfix has had a serious security issue. Dan and Wietse appear to have aggressively audited each other’s code in an attempt to find such a hole without success.

Sendmail was initially designed with a single process running as root which does everything. Any bug in that program and you lose. In recent times you have two processes, one of which doesn’t run as root. This alleviates the problem but doesn’t compare to the 10+ programs that may be run for different tasks on a Postfix or Qmail system, of which only two will have root access (the local delivery process and the master controlling process).

Another part of the Sendmail problem is the crufty old code. Exim has a similar design to Sendmail in terms of process duties, but has a much better security history due to being written more recently.

On many occasions over the last ~8 years I have had debates with Sendmail advocates regarding the security issues. The Sendmail advocates have consistently claimed that all the bugs are fixed now and Sendmail is only attacked because it’s popular. Given the track record it seems that it’s a bad idea to claim that the security flaws have all been fixed.

In regard to the popularity issue we have to keep in mind that fact that Windows has a much larger user-base than Linux. Any argument that you might make in favor of Sendmail over Postfix in terms of security flaws being a function of popularity is an argument in favor of Windows over Linux. I find it particularly amusing when BSD users claim that Sendmail only gets cracked because it’s popular. What does that say about the security of BSD given that BSD is much less popular than Linux?

On many occasions people have pointed out to me that you can run Sendmail as non-root. Almost 10 years ago I wrote a web page describing how to do this. Doing that has always been a hack, although it should work reasonably well for a machine that only runs Sendmail as an outbound relay.

Sendmail was a nice MTA in the early 90’s. But it’s time has passed. Let’s all upgrade to mail server software that doesn’t require regular security updates. Sendmail and Exchange belong in a software museum, not on the net.

mailing list culture

September 15, 2006 | etbe

There is currently a big debate in progress in Debian. I am not going to mention any specifics because too much of it has already been blogged (maybe in the same syndication in which you read my blog).

I think that the way things are going is more an illustration of the failings of mailing list culture than of failings of Debian. Maybe another mechanism would be more productive in leading towards a solution.

One option that occurred to me is debate via wiki. If each side had a wiki page that they could modify then in a small amount of time we should get a set of two main consensus opinions which would each be explained clearly and summarised well. Then with two options clearly expressed the people who have less strong opinions could decide which option they favor. For this to be a quick solution honorable behaviour would be required from all people involved, if people start trying to sabotage the other group’s wiki entries then it would significantly increase the time taken to achieve things.

Another possibility that occurred to me is debate via blog. The quality of blog postings is expected to be a lot higher than that of mailing list discussions as all posts are tied to the author’s public image. Writing content-free messages on a mailing list is easy, but every blog entry needs to stand on it’s own to a certain extent and anyone who writes flames in most of their blog entries will probably find that the readers like it less than the readers of a typical mailing list.

Maybe when an issue is recognised as highly contentious a few people could blog about it and then form groups to develop wikis to promote their views. A debate might start out with five or more different competing views, some of them would merge until there were only two main opinions being pushed. Then once the two remaining groups had sorted out their positions a vote would be easier to arrange.

What do you think?

IT companies and toxic waste

September 13, 2006 | etbe

Greenpeace has an interesting article about how IT companies rank in toxic waste problems.

Dell rates quite well, I feel happier about my recent purchase of a large Dell TFT monitor now. HP does reasonably well, that’s fortunate as the Green party in Victoria has recently purchased a HP server. But next time we discuss such things I will suggest that more consideration be given to Dell servers because of this issue.

Lenovo does really badly, I’m surprised because I would have expected IBM to do reasonably well and I didn’t think that Lenovo would make significant changes. From now on I will refrain from purchasing Lenovo products. I will still purchase second-hand IBM products, but nothing under the Lenovo brand until they clean up their act.

Also it’s worth noting that computers manufactured with toxic chemicals will outgas some of the chemicals into the local environment (IE your server room, bedroom, or wherever else you have computers). Avoiding the computers manufactured with toxic chemicals is not only good for the environment, but also good for your health!

blogging software

September 12, 2006 | etbe

Previously I asked for advice about running an Intranet blog, and running an Internet blog with hosting for friends.

In response to the question about running a small Intranet blog the recommendations were strongly for WordPress, with a mention of Ikiwiki as well. One of the features that I consider desirable is for software to be reasonably popular which means that support is often easier to obtain. So WordPress is my main candidate at this time for Intranet use. I’ll install WordPress and probably won’t try anything else unless WordPress fails in some significant way (which seems unlikely).

In response to my question about a blog server for serious blogging again WordPress was well recommended. There is also a version of WordPress in beta called WordPress MU that supports blog server operations such as wordpress.com. Although I didn’t mention it before I have had some ideas of starting my own server along such lines so WordPress again does well.

Over the next few weeks I will start playing with WordPress and WordPress MU. If things go well I’ll move my blog away from blogspot and to a domain I own in the near future.

C – the suit and tie of programming

September 11, 2006 | etbe

I was watching some music videos recently and was amazed by how badly dressed most performers were by today’s standards. As far as I can recall the only musician from the 80’s who still looks good in their videos is Robert Palmer, a suit and tie doesn’t go out of fashion.

I started thinking about what the computer equivalent to the suit and tie is. It’s something that never goes out of fashion and that is generally used for work. I came to the conclusion that C is the best fit. Think of languages such as VB and the .Net environment as being skivvies and high-waisted jeans.

C is not a perfect language, it is often difficult to manage text in C and LDAP programming is particularly painful (compared to Perl where it’s trivial). But then it’s quite inconvenient to wear a suit sometimes, you can sit on grass while wearing jeans but not in a suit.

Pictures of you wearing a suit will not look daggy by the standards of next decade, and C code that you write now will be better regarded than VB or whatever other fad language might be used.

what’s a good blog server for serious blogging?

September 10, 2006 | etbe

I’m getting sick of blogger. The main thing is that I’m simply not a user. Taking what someone else gives me and just putting up with any failings doesn’t suit me at all. I can deal with bugs in things I control (such as Linux distributions) because I can fix the bugs I consider important at any time.

So now I’m looking for a serious blogging program. WordPress was strongly recommended to me after my previous post on the topic of blogs, but that was in regard to a simple blog program for Intranet use. I am now after a blog program that is designed for Internet use, it must have good security, support multiple users (some of my friends will probably want to use my blog server machine), and not be overly difficult to customise (I am resigned to the fact that I will have to learn another programming language – probably re-learning PHP or Java as that is where web programming is at nowadays).

One thing that I want to do is to have the main web page that displays all recent posts display each post in a frame with a separate Adsense section. The topics of my posts vary a lot so I want to have adverts that match.

Another feature I want is to have multiple RSS feeds with different settings. One use for this is to have tags for each post to specify which channel(s) the post will end up on, another is for Adsense for feeds functionality which I want on for some feeds but off for others. I also want to generate multiple feeds for different syndication services. Ideally a syndication service such as Planet Debian or Planet Linux Australia would use a unique feed for sucking it’s own data and also have a unique feed address advertised on it’s site for the users (if this isn’t supported or desired at the syndication level then I can do tricks in the web server to serve different content for different IP addresses). That way I can track use by the different services, work around bugs in syndication services that matter to me, and change settings for post summaries, etc to suit the syndication service.

In terms of HTML editing I only need the most basic functionality. I would be entirely happy to write blog entries in raw HTML, my friends would probably desire line breaks to be converted to paragraph or break tags and basic linking functionality, but they could probably deal with entering bold and italic tags themselves (the few of my friends who couldn’t manage this would probably only want to write plain-text in paragraphs).

I also want to run my own syndication software. I guess I have to consider blog server and syndication server at the same time as there may be some dependencies (EG having them both written in the same language might be handy – I don’t want to re-learn BOTH Java and PHP). The syndication software would ideally automatically collect the feeds from other syndication services that I specify (although I’m sure I could write a simple Perl script to scrape them from the Planet web sites). Then I want to provide an RSS feed of that content for anyone who wants it.

Please let me know via email or comments if you have any suggestions about which software to use.

SE Linux is like a moat filled with sharks with laser attached head gear

September 9, 2006 | etbe

Here’s an interesting blog entry comparing SE Linux and AppArmor. It has some amusing comments, one of which I used for the title of this entry.

There are two things I don’t like about AppArmor. One is that it doesn’t label Inodes but instead bases it’s access control on file names. This means that renaming a file may change the access granted to it, and a file with multiple hard links may have different sets of access granted to each name. The hard link problem is a killer, imagine that name A grants execute access to the file and name B grants write access, therefore you have the ability to create an executable file.

The other thing I don’t like about AppArmor is that it’s goals are low. The current implementation of AppArmor can be compared to the SE Linux targeted policy. The difference is that AppArmor is currently achieving everything that it was designed to do while the targeted policy is intentionally providing less security features to give greater ease of use. There is a well defined transition path from targeted to strict, and from strict to MLS. There is no transition path from the current AppArmor implementation to something better.

Rumor has it that Suse have bought the rights to a MLS system and that they want to get LSPP certification. LSPP certification requires that access control be based on Inodes not file names (IE renaming a file may not change the access that is granted to it). It will be interesting to see how they integrate AppArmor and a MLS system.

communism and ticket “scalping”

September 8, 2006 | etbe

In the USSR the government fixed prices on all commodities, how desirable an item was merely determined the length of the queue not the price. Today in the same manner when purchasing tickets for concerts and sporting events the desirability of a ticket determines the length of the queue not the price.

It seems to me that the solution to the “scalping” problem that has recently been described in many newspapers is to have the companies that sell the tickets run a public auction. The current situation is denying fans the option of paying more money to guarantee a ticket, denying the musicians the best payment for their services, and not serving the best interests of anyone except the scalpers!

Internet auctions are easy to setup, ebay even has online store facilities that any merchant can use – it would be easy for any company that is running a concert to sell all the tickets at auction through ebay. People who don’t have the ability to access the Internet could pay an agent to bid for them so no-one would be excluded.

A well run ticket auction system would maximise revenue for the company selling the tickets and guarantee that fans can get tickets if they are prepared to pay enough. It would be best for everyone!

Some people with weird communist tendencies (the ones who want to emulate the least effective and useful aspects of the USSR) claim that the current ticket sales system (where all tickets are sold in 10 minutes to whoever queued for the longest time or phoned in at the right moment) allows poor people to purchase tickets at lower prices than an auction might deliver. What they fail to realise is that rich people pay others to queue for them, whether that is by paying scalpers who buy tickets in bulk or by paying one person to sit in a queue for them. There are people who are happy to sit in a queue for a few dollars per hour and people who pay them to stand in line.

etbe – Russell Coker

Linux, politics, and other interesting things

Monthly Archives: September 2006