clean energy

There are many people claiming that nuclear power will solve all the ills of the world. However this does not seem to be possible. Firstly you have to consider the hidden costs of nuclear power such as deaths from the mining industry (ingesting uranium ore is a really bad thing) and the difficulty in disposing of radioactive waste. But rather than concentrating on the bad aspects of nuclear power (which are well documented) I will concentrate on some of the viable alternatives.

Wind power is a really good option, particularly for countries such as Australia that have a low population density and a large land area. The Chinese government is investing heavily in wind power, I think it’s safe to assume that it’s not because they are great environmentalists but because they simply need more energy than they can get from other sources and that they have strategic reasons for not wanting to rely on Australian coal and uranium or Arabian oil. Most energy sources have some drawbacks, but wind power has no side effects and isn’t going to kill birds either (birds have evolved the ability to detect and avoid predatory birds, they can easily avoid large fixed objects such as fans from wind farms).

Two other good options are wave and tidal power. These are better than river based hydro-electricity because there is no need to create dams that remove forests. Wave and tidal power are both very predictable which is an advantage when compared to wind power which is less predictable. One solution to the unpredictability of wind power is to couple it with a river based hydro-electric system which can provide electricity when there is less wind. A hydro-electric system to compensate for days that are less windy would need a much smaller dam than one that is designed to provide the main power source.

The next issue is how to power vehicles (on air, land, and sea). Advocates of nuclear power often talk about hydrogen powered cars. However while hydrogen has a good ratio of energy to weight it is not very dense, so the energy density for volume is much less than petrol. Combining Prius technology with hydrogen in an internal combustion engine still won’t give the distance per tank of fuel as petrol does. Hydrogen with fuel cells in an all electric vehicle might allow you to drive the same distance as a non-hybrid car on petrol, but probably won’t compare to the range of a hybrid Diesel vehicle.

Bio-Diesel is a good option for fuelling cars. Diesel engines give greater efficiency than Otto cycle (the most common car engine) or Atkinson cycle (as used in the Prius) engines. Not only is bio-Diesel renewable but it also produces exhaust that is less toxic than that which is produced from fossil fuels. See the VeggieVan site for more details on bio-Diesel. The toxic fossil fuels are linked to health problems in airline hostesses, AFAIK there has been no research on the impact of car exhaust on pedestrians.

One thing to note about bio-Diesel is that you can do it right now. According to a British TV documentary all you have to do is filter oil that was used for frying food (they used oil from a Mexican restaurant) and mix it with a small amount of ethanol and it’s ready to use in your car. As restaurants currently have to pay to dispose of old frying oil this should be good for everyone!

Bio-Diesel could work for powering planes, there is already research in progress on this issue, but there are problems related to the viscosity of bio-Diesel at low temperatures. Maybe a blend of bio-Diesel and bio-Ethanol would work. Ethanol freezes at -114.3C and should lower the freeze temperature of bio-Diesel.

Bio-Diesel would of course work really well for ships. Supplying the amount of fuel that current ships need would be difficult. Some analysis shows that the deck area of a ship can collect enough sunlight to supply ~10% of the power needs of the ship. The Orcelle is a design for a totally clean ship that runs on solar, wind, and wave power. However with the proposed design the solar panels will not be angled effectively for collecting sunlight as they will be on sails. I think that there is a lot of potential in having a design based around sails, wave and solar power for generating electricity, and also a Diesel engine running on bio-Diesel fuel for supplying extra power when required (EG when sailing at night in calm weather). Building a ship that uses only wind, solar, and wave power would probably be significantly more expensive than the current Diesel design. Building a ship that uses 10% Diesel and 90% wind, solar, and wave power might be a lot cheaper.

There are lots of ways of producing the energy we need to maintain our current standard of living. If our government was to spend as much money researching them as it does protecting petroleum reserves then the problem would be solved.

first significant project goes live

One advantage of not being a permanent employee is that I am free to do paid work for other people. This not only gives a greater income but also a wider scope of work.

I’ve just completed my first significant project since leaving Red Hat. The Inumbers project provides an email address for every mobile phone. If you know someone’s mobile phone number but don’t have an email address then you can send email to where NNN is the international format mobile phone number. The recipient will receive an SMS advising them how to sign up and collect the email.

It was fun work, I had to learn how to implement SRS (which I had been meaning to do for a few years), write scripts to interface with a bulk SMS service, and do a few other things that were new to me.

SRS development

I’ve been working on a mail forwarding system which required me to implement SRS to allow people who use SPF to be customers of the service (as I use SPF on my domain it’s fairly important to me). Reading the web pages before actually trying to implement it things seemed quite easy. All over the web you will see instructions to just set up an /etc/aliases file that pipes mail through the srs utility.

The problem is that none of the srs utility programs actually support piped mail. It seems that the early design idea was to support piped mail but no-one actually implemented it that way. So you can call the srs utility to discover what the munged (cryptographically secure hash signed) originator of the email should be but you have to do the actual email via something else.

This wasn’t so much of a problem for me as I use my own custom maildrop agent to forward the mail instead of using /etc/aliases (Postfix doesn’t support what I want to do with /etc/aliases – dynamically changing the email routing as you receive it isn’t something that Postfix handles internally).
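The rewriting that the forwarder has to perform, as an added example (not code from this post or from any srs implementation): the envelope sender becomes an SRS0 address carrying a keyed hash and a day stamp, and a returning bounce is accepted only if both verify. The secret, the forwarder.example domain, the 8-character hex hash and the 21-day window are assumptions of this example, so its addresses are not interchangeable with those of a real srs tool.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: the forwarder's private key
FORWARDER = "forwarder.example"      # assumption: the forwarding domain
HASH_CHARS = 8                       # assumption: hex characters of the HMAC kept
MAX_AGE_DAYS = 21                    # assumption: how long bounces are accepted
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def day_stamp(now=None):
    """Two base32 characters encoding the day number modulo 1024."""
    day = int((time.time() if now is None else now) // 86400) % 1024
    return B32[day >> 5] + B32[day & 31]


def stamp_age(stamp, now=None):
    """Age of a day stamp in days, or None if it is not a valid stamp."""
    if len(stamp) != 2 or any(c not in B32 for c in stamp.upper()):
        return None
    then = (B32.index(stamp[0].upper()) << 5) | B32.index(stamp[1].upper())
    today = int((time.time() if now is None else now) // 86400) % 1024
    return (today - then) % 1024


def sign(stamp, domain, local):
    """Keyed hash over the fields a forger would need to change."""
    msg = "=".join((stamp, domain, local)).lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:HASH_CHARS]


def srs_forward(sender, now=None):
    """Rewrite an envelope sender so SPF at the next hop checks FORWARDER."""
    local, _, domain = sender.rpartition("@")
    if not local or not domain:
        raise ValueError("sender must be local@domain")
    stamp = day_stamp(now)
    return "SRS0=%s=%s=%s=%s@%s" % (
        sign(stamp, domain, local), stamp, domain, local, FORWARDER)


def srs_reverse(address, now=None):
    """Recover the original sender from a bounce recipient, or raise ValueError."""
    local, _, domain = address.rpartition("@")
    if domain.lower() != FORWARDER or not local.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address for this forwarder")
    # maxsplit=3 keeps any '=' inside the original local part intact
    digest, stamp, orig_domain, orig_local = local[5:].split("=", 3)
    expected = sign(stamp, orig_domain, orig_local)
    if not hmac.compare_digest(digest.lower().encode(), expected.encode()):
        raise ValueError("hash mismatch: address was not issued by this forwarder")
    age = stamp_age(stamp, now)
    if age is None or age > MAX_AGE_DAYS:
        raise ValueError("stamp expired or invalid")
    return "%s@%s" % (orig_local, orig_domain)


if __name__ == "__main__":
    rewritten = srs_forward("alice@sender.example")  # constructed sample sender
    print(rewritten)
    print(srs_reverse(rewritten))
```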

However I still have one problem. Sometimes I get two or three copies of the SPF header from Postfix when it checks them.

In my file I have a smtpd_recipient_restrictions configuration directive that contains check_policy_service unix:private/spfpolicy and the Postfix file has the following:

spfpolicy unix - n n - - spawn user=USER argv=/PATH/

Does anyone have any ideas why I would get multiple SPF checks and therefore multiple email header lines such as:

Received-SPF: none ( domain of does not designate permitted sender hosts)
Received-SPF: none ( domain of does not designate permitted sender hosts)
[some other headers]
Received-SPF: pass (inumbers: domain of designates as permitted sender)
Received-SPF: pass (inumbers: domain of designates as permitted sender)
Received-SPF: pass (inumbers: domain of designates as permitted sender)

The email went through one mail router and then hit the destination machine, but somehow got 5 SPF checks along the way. Also the pair of identical checks had no lines between them and the set of three identical checks also had no lines between them. So multiple checks were performed without any forwarding. It seems that a single port 25 connection is giving two or three checks. Both machines run Postfix with SPF checking that is essentially identical (apart from being slightly different versions, Debian/unstable and RHEL4).

Any advice on how to fix this would be appreciated.

which blog and syndication server to use?

I’m currently working for a company that in the past has not embraced new technology. One of my colleagues recently installed a wiki which did a lot of good in terms of organizing the internal documentation.

The next step is to install some blogging software. What I want is to have every sys-admin run a blog of what they are doing and have an aggregation of all the team’s blogs for when anyone wants to see a complete list of what’s been done recently. The security does not have to be particularly high as it’s an internal service (probably everyone will use the same account). The ability to store draft posts would be really handy, but apart from that none of the advanced features are really needed.

Also it would be handy to be able to tag posts. For example if userA did some work on the mail server they would tag it with SMTP and then at some future time it would be possible to view all posts with the SMTP tag.

I’ve done a search on google for this topic and there are many pages comparing blog software. But all the comparisons seem based on Internet use, they talk about what versions of RSS are supported etc. But I don’t need much of that. An ancient version of RSS will do as long as there is a single syndication program that can support it. Performance doesn’t have to be great either, I’m looking at less than a dozen people posting and reading and a fairly big Opteron server with a decent RAID array.

For the minimal requirements I could probably write blog and syndication programs as CGI-BIN scripts in a couple of days. They wouldn’t support RSS or XML but that’s no big deal. But I expect that if I use some existing software that someone recommends in a blog comment it will be faster to install and have some possibility of future upgrades.

combining two domains in SE Linux

To get the maximum value out of my writing when I am asked a question that is of general interest in private mail I will (without in any way identifying the person or giving any specifics of their work) blog my reply. I hope that not only will this benefit the general readers, but also the person who originally asked the question may benefit from reading blog comments.

The question is “I wonder whether I can define a domain which is a union of two existing domain, that is, define a new domain X, which has all the privilege domain Y and Z has got”.

There is no way to say in one line of policy “let foo_t do everything that bar_t and baz_t can do” (for reasons I will explain later). However you can easily define a domain to have the privileges that two other domains have.

If you have bar.te and baz.te then a start is:
grep -h ^allow bar.te baz.te | sed -e s/bar/foo/ -e s/baz/foo/ >> foo.te
Then you need to just define foo_t in the file foo.te and define an entry-point type and a suitable domain_auto_trans() rule to enter the domain.

There are other macros that allow operations that don’t fit easily into a grep command, but they aren’t difficult to manage.

The only tricky area is if you have the following:
domain_auto_trans(bar_t, shell_exec_t, whatever1_t)
domain_auto_trans(baz_t, shell_exec_t, whatever2_t)

As every domain_auto_trans() needs to have a single target type those two lines conflict so you will need to decide which one you want to merge. This is the reason why you can’t just merge two domains. Also the same applies for file_type_auto_trans() rules and for booleans in some situations.
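The merge described above, carried through as an added example (not the author's script): allow rules from both domains are rewritten for foo_t, while domain_auto_trans() and file_type_auto_trans() rules are carried over only when the two domains agree, and clashes are reported for a manual decision. The two policy fragments are constructed for illustration and merge_domains is a hypothetical helper name.

```python
import re

# Macros whose third argument is the single type that results from the rule.
TRANS_MACROS = ("domain_auto_trans", "file_type_auto_trans")
MACRO_RE = re.compile(r"^(%s)\(([^)]*)\)" % "|".join(TRANS_MACROS))

# Constructed sample policy fragments, not taken from any real policy.
BAR_TE = """
type bar_t, domain;
allow bar_t bar_log_t:file { create append };
allow bar_t etc_t:file read;
domain_auto_trans(bar_t, shell_exec_t, whatever1_t)
file_type_auto_trans(bar_t, tmp_t, bar_tmp_t)
"""
BAZ_TE = """
allow baz_t etc_t:file read;
allow baz_t baz_port_t:tcp_socket name_bind;
domain_auto_trans(baz_t, shell_exec_t, whatever2_t)
domain_auto_trans(baz_t, ifconfig_exec_t, ifconfig_t)
"""


def merge_domains(sources, new_domain):
    """sources maps an existing domain name to its .te text.

    Returns (rules, conflicts): rules are policy lines for new_domain,
    conflicts lists transitions where the old domains disagree.
    """
    rules = []
    targets = {}  # (macro, second arg, extra args) -> {result type: origin domain}
    for old, text in sources.items():
        # Rename only the domain type itself, not types that share its prefix.
        rename = re.compile(r"\b%s\b" % re.escape(old))
        for line in (raw.strip() for raw in text.splitlines()):
            if line.startswith("allow "):
                rule = rename.sub(new_domain, line)
                if rule not in rules:  # both domains may hold the same access
                    rules.append(rule)
                continue
            match = MACRO_RE.match(line)
            if not match:
                continue
            args = [arg.strip() for arg in match.group(2).split(",")]
            if len(args) < 3 or args[0] != old:
                continue
            key = (match.group(1), args[1], tuple(args[3:]))
            targets.setdefault(key, {}).setdefault(args[2], old)

    conflicts = []
    for (macro, via, extra), results in targets.items():
        if len(results) > 1:
            # Only one result type is possible: a person has to choose.
            conflicts.append((macro, via, results))
            continue
        (result,) = results
        rules.append("%s(%s)" % (macro, ", ".join((new_domain, via, result) + extra)))
    return rules, conflicts


if __name__ == "__main__":
    merged, clashes = merge_domains({"bar_t": BAR_TE, "baz_t": BAZ_TE}, "foo_t")
    print("\n".join(merged))
    for macro, via, results in clashes:
        print("# CONFLICT %s via %s: %s" % (macro, via, results))
```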

Linux on the Desktop

I started using Linux in 1993. I initially used it only in text-mode as I didn’t have enough RAM to run XFree86 on my Linux machine. I ran text-mode Linux server machines from 1993 to 1998. In 1998 I purchased my first laptop and installed Linux with KDE on it. I chose KDE because it had the greatest similarity to OS/2 which I had used as my desktop OS prior to that time. At the same time I purchased an identical laptop for my sister and gave her an identical configuration of Linux and KDE.

Running a Linux laptop in 1998 was a lot harder for a non-technical person than it is today. There was little compatibility with MS file formats and few options for support for Internet connections and third-party hardware and software (most things worked but you needed to know what to do). One advantage of using Linux in this regard is that the remote support options have always been good, I was able to fix my sister’s laptop no matter which country she was in and which country I was in. Her laptop kept working for more than 5 years without the need for a reinstall (try that on Windows).

It was when VMWare first became available (maybe 2000) that I converted my parents to using Linux. At first they complained a bit about it being different and found VMWare less convenient than the OS/2 Dos box for running their old DOS programs. But eventually they broke their dependence on DOS programs and things ran fairly smoothly. There were occasions when they complained about not having perceived benefits of Windows (such as the supposed ability to plug in random pieces of hardware and have things all work perfectly). The fact that using OS/2 and then Linux has given them 14 years of computer use with no viruses and no trojans tends to get overlooked.

Of recent times the only problem that my parents have experienced is when they bought a random cheap printer without asking my advice. The printer in question turned out to not work with Fedora Core 4, but when Fedora Core 5 came out the printer worked. Waiting 6 months for a printer upgrade isn’t really a serious problem (the old printer which had worked 6+ years was still going strong).

My parents and my sister now have second-hand P3 desktop machines running Fedora. P3 CPUs dissipate significantly less heat than P4 and Athlon CPUs, this significantly reduces the risk of hard drives dying when machines are left on in unairconditioned rooms as well as saving money on electricity. For the typical home user who doesn’t play 3D games there is no real need for a CPU that’s more powerful than a 1GHz P3. This of course means that there is less need for me to reinstall on newer hardware which also means more reliability.

I always find it strange when people claim that Linux isn’t ready for the desktop. I provide all the support for three non-technical users of Linux on the desktop and it really doesn’t take much work because things just work. Corporate desktops are even easier, in a company you install what people need for their work and don’t permit them to do anything different.

It seems to me that Linux has been ready for the desktop since 1998.

common mistakes in presentations

I attend many presentations and have seen many that had a lower quality than they should have. Some things are difficult to change (for example I have difficulty speaking slowly). But there are some things that are easy to change that many people seem to get wrong and I will list some that stand out to me.

Unreadable presentation notes. You have to use a reasonably large font for it to be read by most people in the room. This means probably a maximum of about 16 lines of text on the screen. I have attended some presentations where I couldn’t read the text from the middle of the room!

Too many slides. On a few occasions I have heard people boasting about how many slides they are going to use. An average of more than one slide per minute does not mean that you have done a good talk, it may mean the exact opposite. One of my recent talks had 8 slides of main content plus an introductory slide while waiting for people to arrive and a Q/A slide with my email address and some URLs for the end. The speaking slot was 30 minutes giving an average of a slide every 3-4 minutes.

Paging through slides too quickly. If you have 60 slides for a one hour talk then you will have no possibility of going through them at a reasonable speed (see above). Even if you have a reasonable number of slides you may go through some of them too quickly. On one occasion a presentation included a slide with text that was too small to read, I tried to count the lines of text but only got to 30 before the presenter went to the next slide.

Using slides as reading material for after the lecture. Sure it can be useful for people to review your notes after the lecture, and it’s generally better to give them the notes than to have them be so busy writing notes that they miss something you say. But if you want to have something verbose and detailed that can’t be spoken about in the lecture then the thing to do is to write a paper for the delegates to read. Serious conferences have papers that they publish (minimum length is generally 4 solid A4 pages) which are presented by a talk of 30 to 60 minutes. That way people get a talk as an introduction and they get some serious reference material if they want to know more. Also people who miss the talk can read the paper and get much of the value. It is not possible for slides to take the place of a paper.

Bad diagrams. Diagrams should be really simple (see the paragraph about readable text). It is OK to have diagrams that don’t stand alone and need to be described, a lecture is primarily about talking not showing pictures.

When simplifying diagrams make sure that they still represent what actually happens. Simplifying diagrams such that they don’t match what you are talking about doesn’t help.

Animations. The only thing that is animated in the front of the room should be the person giving the presentation. Otherwise just do the entire thing in flash, publish it on the web, and don’t bother giving a talk.

Staged content, particularly when used as a surprise. Having a line of text appear with every click of the mouse forces the audience to stay with you every step of the way. This may work for primary school students but does not work for an intelligent audience. Give them a screen full at a time and let them read it in any order that they like. This is worst when someone tries to surprise the audience with a punchy line at the end of every paragraph. Surprising the audience once per talk is difficult. Trying to do it every paragraph is just annoying.

One final tip that isn’t as serious but is non-obvious enough to deserve a mention. Use black text on a white background, this gives good contrast that can be seen regardless of color-blindness and with the bright background the room is lit up even if all the lights are off. The audience wants to see you and sometimes this is only possible by projector light. Also the more light that comes out of the projector the less heat that builds up inside, it can really mess up a presentation if the projector overheats.

more security foolishness

Dutch police arrested 12 people for acting suspiciously on a flight to India. A passenger said “They were not paying attention to what the flight attendants were saying”, I don’t pay attention to the flight attendants either. When you fly more than 10 times a year you learn how to do up your seat-belt and when it’s appropriate to use your laptop, so once you know where the emergency exits are you can read a book or talk to other passengers. The 12 people who were arrested were apparently exchanging mobile phones – strange, they have never asked people not to do that.

The 12 people have since been released. The cost of canceling flights due to security scares is significant for the airline companies. The fear that this induces in the public (both of terrorism and of stupid police) causes them to be less likely to fly which hurts the airline industry even more as well as also hurting the tourism industry.

The US is more dependent on air travel than any other country due to a severe lack of public transport. Australia is also very dependent on air travel due to large distances and no land connection to any other country. The UK also seems to have more of a need for air travel than other EU countries.

If exchanging mobile phones can interfere with air travel then people who dislike the US and the other countries in the coalition of the willing/stupid can cause serious economic damage by trivial things such as exchanging phones in-flight or writing BOB on a sick bag without any risk to themselves.

The war on terror is already as good as lost. William S. Lind’s blog is a good source of information on some of the ways that the US is losing. It’s a pity that the Australian and UK governments are determined to take their countries down with the US.

2006 Open Source Symposium

Today (well yesterday as of 30 minutes ago) I spoke at the Open Source Symposium in Melbourne. This is an event sponsored by Red Hat. The first day was the business day and the second day was the Red Hat developers day.

I attended both days and spoke on the second day (today). My talk was about designing and implementing a secure system on Red Hat Enterprise Linux 4 (the Inumbers system for gatewaying SMS to email which is currently in Beta at the time of writing). I covered the issues of designing systems for least privilege via a set of cooperating processes under different UIDs, secure coding principles, and SE Linux policy design. My presentation notes are HERE (in OpenOffice 2.0 format).

The talk seemed to be well accepted, so I’ll probably offer variations of it at other venues in the near future. I’m thinking of making a half-day workshop out of it.

While at the symposium one of the SGI guys mentioned that an XFS expert was in Melbourne temporarily. I suggested that such experts should be encouraged to give a talk about their work when they are in town. As a result of that I arranged a venue for a talk on XFS, I had the venue arranged in about 4 hours, which resulted in about 24 hours notice given to LUV members. I wasn’t able to attend the meeting due to prior commitments, so I’m not sure how it went.

fair trade is the Linux way

I have recently purchased a large quantity of fair trade chocolate. Fair trade means that the people who produce the products will be paid a fair price for their products which will enable them to send their children to school, pay for adequate health-care, etc. Paying a small price premium on products such as coffee and chocolate usually makes no notable difference to the living expenses of someone in a first-world country such as Australia, but can make a huge difference to the standard of living of the people who produce the products. Also fair-trade products are generally of a very high quality, you are paying for the best quality as well as the best conditions of the workers.

I will share this chocolate at the next LUV meeting, hopefully the people who attend will agree that the chocolate is both of a high quality as well as being good in principle and that they will want to buy it too.

The Fair Trade chocolate I bought cost $6.95 per 100g. I went to Safeway (local bulk food store with low prices) to get prices on other chocolate to compare. Lindt (cheaper Swiss chocolate) costs $3.09 per 100g and has a special of $2.54. The Lindt and the Fair Trade chocolate are both 70%, but the Fair Trade chocolate is significantly smoother, has a slightly better aroma, and a better after-taste. So the Fair Trade chocolate costs slightly more than twice as much as Lindt, but I believe that it has a quality to match the price. Then I compared the price of a cheap chocolate, Cadbury Old Gold chocolate is also 70% cocoa and costs $4.29 for 220g, this makes it between 3.5 and 4.4 times cheaper than the Fair Trade chocolate. But if you like chocolate then Cadbury products probably aren’t on the shopping list anyway. I believe that the Fair Trade chocolate I bought can be justified on the basis of flavor alone without regard to the ethical issues.

All Linux users know what it’s like to have their quality of life restricted by an oppressive monopoly. We are fortunate in that it only affects us in small ways, not in our ability to purchase adequate food and health care. As we oppose software monopolies that hurt us in the computer industry we must also oppose monopolies in the food industry that hurt people in third-world countries. The fair trade programs are the best way I know of doing that. Hopefully after tasting the chocolate many LUV members will want to buy it too.