Mplayer, Squeeze, and SE Linux on i386

I’ve just updated my SE Linux repository for Squeeze to better support running mplayer on the i386 architecture, below is the APT sources.list line:

deb squeeze selinux

The first issue is a bug in the compilation of the SDL libraries which makes them request an executable stack (bug #613535). Recompiling the libraries on my system caused this bug to go away, so it must be some issue with the compilation process. I have previously summarised the execstack issue, but we haven’t solved this yet [1].

The next issue is the fact that the ffmpeg libraries require execmod access (see my previous post for the details of the execmod issue [2]. The execmod issue with ffmpeg is pretty much the same as it was when I first wrote about the issue in 2008 [3]

Finally the allow_execmem boolean needs to be set on i386 with the command “setsebool -P allow_execmem 1” to allow libGL the access it needs. This is an issue I haven’t been able to solve, I don’t know why libGL needs write and execute access to memory, I posted to the SE Linux list about this some time ago but didn’t get any good answers [4]. Any suggestions would be appreciated.

Comment Policy

I’ve been thinking about the comment policy for my blogs. I have started deleting comments when people subscribe to comments and use fake email addresses (I get the bounces and it’s annoying).

Also I am deleting comments that don’t make much sense or which don’t address the topic of a post. Some people seem to search for blog posts marginally related to a topic that they want to vent about.

I’ve had someone request that a comment be removed because it was written by someone with the same name as him (see this post if you want to read the details [1]). I’ve written a short document about unique names on the Internet [2] on my documents blog, hopefully it will be useful for other people who become concerned when they discover that they don’t have a unique name.

My general policy about comments is probably going to be not to delete them unless requested by the author of the comment (if there is a good reason), and otherwise to only delete them for technical reasons or for being wildly off-topic.

One thing that seems missing from most blog ethics documents is a section on comments. When I write my own code of blog ethics I’ll have to write a section about this. Suggestions are welcome.

BoingBoing and Licenses

Today I was thrilled to see that Cory Doctorow (who among other things wrote one of my favourite Sci-fi novels [1]) copied one of my blog posts on to [2].

Then I reviewed the licence conditions (which had previously been contained in the About Page and is now a post on my documents blog [3]) and discovered that I had not permitted such use!

In the second part of this post (not included in the RSS feed) I have the old and new license conditions for my blog content. My plan is that my document blog [4] will have the current version of such documents while this blog will have every iteration along the way.

The new version of my license explicitly permits BoingBoing to do what they want with my content. I don’t have any objection to what Cory did, and I would have been rather unhappy if he had sent me an email saying “I wanted to feature your post on BoingBoing but sorry you miss out because of your license”. But his procedure does not work well.

Now I am wondering, how do I construct a license agreement that permits my content to be used by big popular sites that give my blog new readers and my ideas a wider audience while denying the content to sploggers who just want to use my patterns of words for google hits? How do I permit my content to be used by people who contribute as much to the community as Cory but deny it to talentless people who want to exploit my work while contributing nothing to the world? How can I ensure that people who want to reference my work can learn about the licence conditions (the About Page apparently doesn’t work)? These are serious questions and I invite suggestions as to how to solve them.

The fact that I have forgiven Cory for not abiding by my license and granted him permission to do the same thing again whenever he wishes is not the ideal solution. For authors to find people who copy their work and respond with forgiveness or DMCA take-down notices according to who does the copying and the reason for it is a losing game and a distraction from the work of creating the useful content.

I understand the BoingBoing situation, they deliver summaries and copies of blog posts rapidly and frequently. Discovering conditions of use and asking for clarification from the authors (which may take days or weeks) would really affect the process. Also anyone who reads my blog would probably realise that I want to have such posts copied on sites such as BoingBoing.

Continue reading “BoingBoing and Licenses”

My SE Linux Etch Repository

deb etch selinux

The above sources.list line has all the i386 packages needed for running SE Linux with strict policy on Etch as well as a couple of packages that are not strictly needed but which are really convenient (to solve the executable stack issue).

gpg --keyserver hkp:// --recv-key F5C75256
gpg -a --export F5C75256 | apt-key add –

To use it without warnings you need to download and install my GPG key, the above two commands do this. You will of course have to verify my key in some way to make sure that it has not been replaced in a MITM attack.

The only thing missing is a change to /etc/init.d/udev to have a new script called /sbin/start_udev used to replace the make_extra_nodes function (so that the make_extra_nodes functionality can run in a different context). Of course a hostile init script could always exploit this to take over the more privileged domain, but I believe that running the init scripts in a confined domain does produce some minor benefits against minor bugs (as opposed to having the init scripts entirely owned).

I back-ported all the SE Linux libraries from unstable because the version in Etch doesn’t support removing roles from a user definition by the “semanage user -m” command (you can grant a user extra roles but not remove any roles). Trying to determine where in the libraries this bug occurred was too difficult.

Does anyone know of a good document on how to create repositories with apt-ftparchive? My current attempts are gross hacks but I’ve gone live anyway as the package data is good and the apt configuration basically works.

Lazyweb Posts

A common practice in the blog space is to write posts that ask a question in the hope that someone else will answer it via a comment or a post. This is known as a “Lazyweb Post”.

It seems to me that the way of managing such posts could be improved with a little informal cooperation. From now on I plan to tag each Lazyweb post with a Lazyweb Tag, now any reader of my blog can with a single click see all the unanswered lazyweb posts that I have written (I will remove the tag once an adequate answer has been provided or I have discovered and documented the solution myself).

Almost all bloggers want to get more traffic to their blogs, the question is how to get traffic of the nature that you desire. Links from blogs that you like are a preferred source of traffic. If a blogger that you would like to receive a link from has a lazyweb tag or category then it provides a good list of ideas for post topics that will get you the links you desire. Such lists would also be good for determining what information is not generally available and which therefore can be used for the topics of original posts.

Such tags or categories should also be good for getting answers to lazyweb posts. I’ll start doing this and see how well it takes off.