At there are a heap of quotes from Debian people, and more than a few from me. It’s strange reading my own writing in someone else’s quote file. Some things seem so removed from context that there is little point to them. For some things I couldn’t even remember writing them and had to ask google. There were some things which seemed wrong, but google showed list archives proving the quote file to be correct.

Also when googling my quotes I found that I had written an amusing and apparently quotable flame to someone who was far from the top of the list of deserving recipients of flames.

For anyone who reads the quotes, the Double Woody refers to Balvenie Double-Wood Scotch whisky. When Debian Woody was first released I would regularly bring a bottle of the Double Wood to Debian meetings.

RSS feed size and Planet

For fun I just set up my own Planet. Reading both Planet Debian and Planet Linux Australia is a bit of a drag due to the overlap. So I wrote a little Perl script to extract the feeds from both those sources and generate a Planet configuration. My planet is publicly available in case anyone is interested. Also you will notice that I have a formatting problem on my planet, if anyone has some advice on planet templates (I’m using the Debian package) then please let me know.

While playing with Planet I noticed that my blog has one of the largest file sizes of all the blogs from Planet Debian and Planet Linux Australia. That would be partly due to writing blog entries of moderate size and trying to maintain an average of one post per day. But also I imagine that it would be partly due to the blogger configuration.

I changed my main blog page from 14 days to 7 days (which took the index.html size from 80K down to 40K). But strangely I can’t seem to change the number of days that are to be kept in the RSS feed file which remains at about 80K.

It seems to me that the feed mechanism is badly designed in this regard. A more efficient mechanism would be to send an XML file that describes the other blog entries, which could then be downloaded IFF they meet the criteria that are desired by the syndication software (and IFF they have not already been downloaded). If the web server and the syndication program are correctly configured then the requests could be chained on the same TCP connection for no loss of performance under any situation when compared to the way things currently work.

Also as many (most?) RSS and ATOM feed files are generated from a database it might be difficult to preserve the creation time, and thus I expect that most web caching is also broken. I haven’t verified this though.

Also it would be handy if there was a mechanism for syndication programs to request notification of changes and for a blog server to push content to a syndication server. I have Planet running every 6 hours, some of the blogs I read are updated once per week, apparently my Planet server does 28 downloads of the entire XML file for every change. This might not sound so bad, but there are planets which run every hour and would therefore have 168 downloads per week.

Please let me know if you have any ideas of how to alleviate these problems, or if there are already solutions of which I am not aware.

Supersize Me

I recently watched the movie Super Size Me. Due to working some strange hours I’ve been eating more fast-food than usual recently and had experienced some of the symptoms that were featured in that movie.

So now I have decided to improve my diet. From now on I will go hungry rather than eating from McDonalds, KFC, and other bad food except in the rare situation that it’s free (recently they had a free pizza day for my 9-5 contract). Recently I have often been having chicken rolls or stir-fried noodles for lunch (one of those two every working day), now I’m going to only have those meals rarely and have Japanese food most days (Japanese food that is half-decent is much healthier than most restaurant food). I will only drink Coke when I’m tired and I’m working on something that’s not exciting enough to keep me awake without help.

Super Size Me also made reference to the academic results of children improving when their diet was improved. Based on this evidence it seems obvious to me that coding ability will also be partly dependent on diet. I expect that many people who read my blog have already proved that they can write good code while living on the worst food, but maybe they could write great code if they had better food!

From now on I will not take part in any LUG meeting that involves fast food. I think that for the good of the community we need to discourage people from actions that would impair their coding ability.

Before anyone asks, I don’t plan to cease drinking alcohol. Although in recent times I have been drinking such small amounts that it’s unlikely to cause any health problems.

more on vision

I had a few comments on my last so I decided to write a new post about it.

Firstly in regard to Elspeth’s comment. I agree that children should wear glasses if necessary. That part of my entry was not clear, I was trying to make the point that I can understand children not wanting to wear glasses because they think it’s uncool. But adults should make decisions on more important things such as what is best for their eyes. There are real reasons for needing eye surgery, if without glasses your vision is so bad that you are legally blind then an ophthalmologist may recommend surgery for that. In cases of extreme vision problems apparently a combination of surgery and glasses is required for good results. I also think it makes sense for people who need surgery for their work, for example athletes such as Tiger Woods. Looking cool is not a real reason for surgery, especially not for the small increment of coolness that some people believe is associated with not wearing glasses.

All operations involve some risk. Risk to your vision is not worth a small amount of convenience and possibly looking cool. Besides, it’s widely regarded that people with glasses are more intelligent! ;)

Shintaro mentioned that there is a risk of retinal damage from being short-sighted. What I want to know is whether the risk of that can be alleviated if you wear glasses all the time? If you wear your glasses everywhere except in bed, in the shower, and in the sento, does that stop this problem? Maybe I should try and wear my glasses for more than the ~15 hours a day that I currently do.

Finally an anonymous poster noted that they didn’t know anyone else who had an optical migraine. My ophthalmologist mentioned that it’s rare to have a migraine that only affects the vision and nothing else. I feel fortunate to have it like that, the list of other migraine symptoms sounds very unpleasant. Of course only having had it once I can’t be sure that next time it will be the same. I might get the nasty symptoms next time. :(

However one problem with what I experienced is that it came on suddenly with no warning. It would be very unpleasant to suddenly lose central vision while driving (I would have to hope that the ability to react to objects without consciously noticing them works well). Fortunately I have only been driving about 300K per month in recent years and I can probably reduce this. So the chance of it happening while driving is quite small.


At the start of the year I suffered a minor injury to my left eye. This brought my vision down to slightly below average for my age. A doctor and an ophthalmologist both thought that my vision was good enough at this level and that I don’t need glasses. But the ability to use a small font means that I can have more text on screen and thus do my work more effectively. Since about March I have worn glasses all the time. Regardless of what the experts say I want to have good vision all the time and there is a significant difference between my vision while wearing glasses and that without.

It’s often recommended that people get their eyes tested about every 2 years from when they are in their late 20’s and also get a test done a few months after any eye injury. I strongly support such recommendations for anyone who works in the computer industry. Even if your vision is slightly less than it could be it will make a difference to your work. I have not found glasses to cause me any inconvenience, I’m sure that it would be bad for children to wear glasses but for adults the only potential issue is when playing sport (which is less demanding on your vision than reading an 8 point font on a typical monitor). I am constantly amazed by TV and radio adverts which say “do you wear glasses, if so then you must have considered LASER eye surgery”. Glasses are fine (IMHO) and I will not consider having a LASER or other dangerous object pointed at my eyes unless I am in danger of death or blindness!

The testing apparatus that an optometrist uses is interesting to inspect if you like machines. It is a device with a huge selection of levers for inserting different lenses in front of your eyes until they discover the combination that gives you the best vision. If you get your eyes tested make sure you get the optometrist to explain everything, you can learn many interesting things.

Recently, I have had a further eye problem. Recently my central vision went blurry with a shimmering effect for about 40 minutes, but the peripheral vision was OK. An ophthalmologist diagnosed this as a migraine, apparently I got a very mild one with only a minor visual effect but no headache etc. One thing that is apparently possible when experiencing migraine related vision impairments is the ability to act on visual information without consciously knowing it (EG catch a ball without seeing it).

A migraine is a better diagnosis than I had feared. The movie Super Size Me (the topic of tomorrow’s blog entry) contains an interview with a man who describes a diabetic vision problem that sounded similar to mine. Migraines don’t cause permanent problems while diabetes can, and diabetes requires lots of unpleasant blood tests and injections.

Apparently migraines are often triggered by physical events or food items. If you suffer one then it’s recommended that you write down as much information as possible about the previous 24 hours to help track down the cause. If you experience something similar to what I describe then do not take this blog entry as medical advice, instead rely on a doctor and whichever specialist they refer you to. But do write down everything that happened prior to the medical problem (keeping an accurate diary can’t do any harm).

The Wikipedia entry on Migraines has a lot more interesting information, but don’t take it as medical advice either. One particularly interesting thing in the Wikipedia article is the note that migraines may be caused by not having suitable glasses, or prevented by wearing special glasses.

War On Terror – the game

TerrorBullGames has just released the board game War On Terror. The first I heard of this was a short article in a local newspaper about how much the game has offended some people (quoting someone who was injured in the London bombings). A co-creator of the game Andy Thompkins said “We accept that some people think this is in poor taste and may see it as puerile. But we would say that launching an illegal war on Iraq is in poor taste”.

It’s not as if profiting from terrorism is anything new. Governments in Australia, the UK, and the US have profited from it at the ballot box and also used it to stifle opposition parties to get unpopular legislation approved. An example of this is the attempts of the Bush regime to legalise torture, see the Washington Post and The Age (Australia).

Shortly after 9-11 almost every computer company that had anything to do with backups or disaster-recovery was advertising heavily. Oil companies have done particularly well with high prices, they would have done even better if the plans for Iraq had succeeded.

TerrorBullGames appears to have an aim to draw attention to the lies of politicians, which makes them better than everyone else who has profited from 9-11. Maybe if they draw enough attention to the bad things that our governments are doing they can influence the results of elections, and we can get governments that don’t promote terrorism.

Here’s a review of the game.

siteminder – what you expect from CA

Recently I’ve been unfortunate enough to be the sys-admin of some systems running CA software, the specific horror in this case is Siteminder.

The latest excitement was when an important machine stopped working abruptly and gave the error “ff ff ff ff” in the Apache error log. I have been familiar with the error message “ff ff ff” which means that the Siteminder policy server can not be contacted. But it took me a while to discover a message in the policy server logs indicating that a client was connecting to it with an invalid shared secret. It seems that the policy server had suddenly changed its shared secret for no reason I could determine.

A google search for this issue turned up a single blog entry about it, which reports the “ff ff ff ff” error message as appearing in the case where the “ff ff ff” error occurs on the machines I run. Maybe I’m running a newer version, or maybe drax0r wrote the wrong error message by mistake. My colleagues have seen the error message “ff ff”, we are still unsure of what that means.

For people who haven’t used Siteminder I’ll briefly describe how it works. There is a 2MB Apache module (larger than httpd and all the modules shipped in the RHEL package) that implements the access control and content management (compiled with -g, presumably because it will SEGV if compiled with -O2). This module spawns a daemon from Apache. Unfortunately the daemon code drops the root UID but does not drop the root GID (fun for security), I wrote a patch to the runuser program that can be used to address this by changing GID before running Apache. Then all communication between Apache and the policy server goes via the daemon process via sys-v IPC. Of course if the daemon crashes then the IPC resources are not freed and then it won’t restart unless the system is rebooted or the semaphores are manually removed.
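A check for the condition described above, written as an added example (not part of the original post and not Siteminder or runuser code): it reads text in the Linux /proc/<pid>/status layout and reports a process whose UIDs are all non-root while a GID or supplementary group is still 0. The process name `exampled` and the UID/GID value 48 are constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ROOT_GID_KEPT   1   /* real, effective, saved or fs GID is 0 */
#define ROOT_GROUP_KEPT 2   /* group 0 is in the supplementary list  */
#define PARSE_ERROR    (-1) /* no usable Uid:/Gid: lines             */

/* Returns 0 when nothing is wrong (including a process that is still
 * fully root), a bitmask of the flags above, or PARSE_ERROR. */
int audit_status(const char *status)
{
    unsigned uid[4] = {0}, gid[4] = {0};
    int have_uid = 0, have_gid = 0, root_group = 0, flags = 0;

    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "Uid:", 4) == 0) {
            have_uid = sscanf(line + 4, "%u %u %u %u",
                              &uid[0], &uid[1], &uid[2], &uid[3]) == 4;
        } else if (strncmp(line, "Gid:", 4) == 0) {
            have_gid = sscanf(line + 4, "%u %u %u %u",
                              &gid[0], &gid[1], &gid[2], &gid[3]) == 4;
        } else if (strncmp(line, "Groups:", 7) == 0) {
            const char *p = line + 7;
            for (;;) {          /* stay on this line: do not skip newlines */
                while (*p == ' ' || *p == '\t') p++;
                if (*p < '0' || *p > '9') break;
                char *end;
                if (strtoul(p, &end, 10) == 0) root_group = 1;
                p = end;
            }
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    if (!have_uid || !have_gid) return PARSE_ERROR;

    for (int i = 0; i < 4; i++)
        if (uid[i] == 0) return 0;  /* UID not dropped: outside this check */
    for (int i = 0; i < 4; i++)
        if (gid[i] == 0) flags |= ROOT_GID_KEPT;
    if (root_group) flags |= ROOT_GROUP_KEPT;
    return flags;
}

/* Constructed samples in /proc/<pid>/status layout. */
const char *SAMPLE_UID_ONLY = "Name:\texampled\nUid:\t48\t48\t48\t48\n"
                              "Gid:\t0\t0\t0\t0\nGroups:\t0 \n";
const char *SAMPLE_CLEAN    = "Name:\texampled\nUid:\t48\t48\t48\t48\n"
                              "Gid:\t48\t48\t48\t48\nGroups:\t48 \n";
const char *SAMPLE_GROUPS   = "Name:\texampled\nUid:\t48\t48\t48\t48\n"
                              "Gid:\t48\t48\t48\t48\nGroups:\t0 48 \n";

int main(void)
{
    printf("uid-only drop: %d\n", audit_status(SAMPLE_UID_ONLY));
    printf("full drop:     %d\n", audit_status(SAMPLE_CLEAN));
    printf("stale groups:  %d\n", audit_status(SAMPLE_GROUPS));
    return 0;
}
```

A daemon that drops privileges itself has to call setgroups() and setgid() before setuid(), because once the UID has changed it no longer has the privilege to change its groups.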

why I joined the Australian Greens

In 2004 I was browsing the web sites of the various political parties to see how they met my needs. The only party that stood out was the Greens. The reason for this is that they had some material on their web site that was positive towards free software and made mention of helping members install Linux (apparently they ran some sort of Linux install-fest for their members).

Earlier this year when I offered to burn copies of Fedora Core 5 for anyone who wants it, one person who accepted was Matthew Wright of the Victorian Greens. As I was in the area I dropped the CDs in to the Greens office. It seems that the principles of the Green party agree with my beliefs in almost all areas.

The Greens Charter has many points that might surprise some people, the majority of the points in the charter do not directly relate to the environment. Many people join the Greens without having the environment as a key issue, the issues of social justice, non-violence, and free flow of information attract many people. The Greens IT policy has attracted quite a number of people in the Linux community!

Also it should be noted that concern for the environment does not require that you like the environment! If you want to spend all your life inside a building in front of a computer then you still want good quality food and an absence of natural disasters. The environment is bigger than us, we depend on it, and we don’t understand much about it. The fact that different experts give differing opinions about the scope of the global-warming problem is not a reason for complacency, in fact it’s the opposite – it’s a reason to be cautious about things we don’t understand that can kill us!

The Green parties in other countries are all independent (while still loosely associated as part of the international Green movement). So there will be some differences in the policies of the Green parties in different countries. But I expect that there will be a lot in common.

A final positive thing about the Green party is the integrity of the people in the party. Unlike most politicians you can expect the Green senators to do what they promise to do and to vote according to party policy.

the next feature for a spy movie

I have noticed that motion sensors on burglar alarms don’t detect small movements. Presumably they are also less effective at detecting small objects that move (otherwise they couldn’t be used if there were mice).

For an adult to move slowly enough to avoid detection by the typical cheap burglar alarms is quite difficult, and probably almost impossible to do reliably. For a small machine to move slowly enough that its combination of size and speed doesn’t get detected would be much easier.

So it should be possible to design a burglary robot that can open doors and crawl across the floor slowly enough that the alarms are not tripped. Such a robot could step over laser beams (which you always have in movies) much more easily than Catherine Zeta-Jones and then crawl up the wall to the motion sensor and disable it.

In a movie such a robot would probably be autonomous, but for constructing one in real-life 802.11 control would be the way to go.

If someone from Hollywood is reading my blog, please feel free to offer me an obscene amount of money for this idea. ;)

sendmail – the MTA for insecure systems

Sendmail is the most prevalent Unix MTA. It is the oldest MTA and is still one of the most powerful ones that are available. However it has never been known for being secure.

Most of its bad reputation comes from regularly having serious security holes. The above URL has the most recent one. Neither Qmail nor Postfix has had a serious security issue. Dan and Wietse appear to have aggressively audited each other’s code in an attempt to find such a hole without success.

Sendmail was initially designed with a single process running as root which does everything. Any bug in that program and you lose. In recent times you have two processes, one of which doesn’t run as root. This alleviates the problem but doesn’t compare to the 10+ programs that may be run for different tasks on a Postfix or Qmail system, of which only two will have root access (the local delivery process and the master controlling process).

Another part of the Sendmail problem is the crufty old code. Exim has a similar design to Sendmail in terms of process duties, but has a much better security history due to being written more recently.

On many occasions over the last ~8 years I have had debates with Sendmail advocates regarding the security issues. The Sendmail advocates have consistently claimed that all the bugs are fixed now and Sendmail is only attacked because it’s popular. Given the track record it seems that it’s a bad idea to claim that the security flaws have all been fixed.

In regard to the popularity issue we have to keep in mind the fact that Windows has a much larger user-base than Linux. Any argument that you might make in favor of Sendmail over Postfix in terms of security flaws being a function of popularity is an argument in favor of Windows over Linux. I find it particularly amusing when BSD users claim that Sendmail only gets cracked because it’s popular. What does that say about the security of BSD given that BSD is much less popular than Linux?

On many occasions people have pointed out to me that you can run Sendmail as non-root. Almost 10 years ago I wrote a web page describing how to do this. Doing that has always been a hack, although it should work reasonably well for a machine that only runs Sendmail as an outbound relay.

Sendmail was a nice MTA in the early 90’s. But its time has passed. Let’s all upgrade to mail server software that doesn’t require regular security updates. Sendmail and Exchange belong in a software museum, not on the net.