Well, that was fun :) A couple of days ago, I accidentally discovered that the simple little text-based "hangman" game on my Debian system would just freeze (with lots of disk activity) each and every time I started it up.
It turned out that a Bulgarian dictionary (or, rather, wordlist) was the reason, but the fault still lies with hangman - as witnessed by Debian bug #610270.
Some of you may have noticed that I've been trying — slowly but surely — to introduce various interesting and useful utilities from BSD-land into my favorite Linux distribution, Debian. After a so-so start with truncate and an unqualified success with dma (if I say so myself), today it's netpgp's turn.
I only learned about netpgp today after reading a description of Alistair Crooks's talk at EuroBSDCon 2010, which I was sadly unable to attend. “A BSD-licensed crypto library and a drop-in GnuPG replacement? That's cool!” — so I hunted it down, compiled it, ran its test suite — and here's my intent-to-package e-mail.
I hope netpgp gains agent support soon — this is almost the only thing that is stopping me from using it instead of GnuPG!
Just two tips that I'm writing down here so I can find them later :)
If you are debugging Perl programs, and the debugger insists on stopping every now and then with a "100 levels deep in subroutine calls!", and you know that this is actually legitimate for your application (e.g. there is a recursive invocation of a free/dispose function on a graph containing many objects), just set the $DB::deep variable to a large enough value, as documented in the "Guts of Perl Debugging" page (perldoc perldebguts).
If you're like me, and have a fortune invocation in your interactive shell's startup file, and sometimes you log in, you notice a fortune come up, but then you very quickly start another program and then decide that the fortune was really interesting and wouldn't you have wanted to read it, then fortune's -m pattern command-line argument ought to help.
Well, after a hiatus of well night eight years (due mostly to procrastination), I finally jumped back onto the IPv6 bandwagon. The last time, I obtained a tunnel from the 6bone; this time, after a recommendation from a FreeBSD developer, I picked SixXS for a tunnel broker.
It turned out to be as simple as "sign up, wait an hour for account approval, fill in a form to request a tunnel, wait two hours for a tunnel approval, download a piece of software, put my username and password into the config file, and watch the dancing turtle!" Well, okay, fine, so the dancing turtle bit shows my age - the KAME project was actually discontinued three years ago :)
Yes, I've got nothing but praise for, and I strongly recommend, SixXS as your way to IPv6. They've got wonderfully responsive staff, points of presence all over Europe and around the world, a really trivial way of setting up the tunnel even behind scary NAT devices, an easy to use and navigate website… I'm sure I can think of more :) And they even gave me 50 bonus credits for being a FreeBSD developer :)
Okay now. I guess it's time to finally update the IPv6 patches for the djbdns port in FreeBSD, and to find a way to get cURL to work with both c-ares *and* IPv6. And, of course, there's the fact that due to the wonders of trn and 6tunnel and the kindness of the eweka.nl folks I can now read ASR again :)
Only for those with adventure in their hearts:
Google Chrome: Early Access Release Channels
(from Muammar El Khatib's blog)
A Debian Linux package of Google Chrome released! Well, it does show in lots of places that it is not qutie finished yet, but the overwhelming part of the functionality is present and operational — and quite usable for a browser. Finally! :)
Now just to test it under FreeBSD's Linux emulation...
Well. Well, well, well. Just how crazy must I be so that a part of my actual working day, a part of my job, is to stare at the computer screen, reach for the keyboard, and type in a line consisting entirely of the following characters:
/^[^#]*&
And, yep, the text editor found exactly what I told it to look for. And, yep, me and the cow-orkers in my room spent a couple of minutes laughing.
Okay, now here's documentary proof of my absolute and total lack of sanity. (if anybody should feel kinda lost and out-of-place reading this, rest assured - so do I! :)
Imagine a laptop and three servers (I wonder if you can). Imagine straylight, the laptop that drew the shortest straw and ended up in my hands. Imagine snark in the office LAN, with a webserver cuddling a Subversion repo. Imagine brionne at a colo center, in a soon-to-go-live rack, with a webserver cuddling another Subversion repo and an apt-proxy server. Imagine kislev at the same colo center, but in a different, already-live rack.
Imagine two SSH sessions.
straylight to kislev:
straylight to brionne:
Aye. Now imagine a couple of parallel Subversion imports, check-outs, and check-ins, and an apt-get dist-upgrade on the side.
Nope, I'm not bragging. I'm not complaining. I'm not ranting, either. Just - as I said at the start - providing documentary evidence of insanity.
I got the link from peshos — thanks a lot!
"The big ones" at Google comment on the ideas behind Google Print and the senselessness of the arguments brought up in the lawsuit against them; comments at the official Google blog — from Eric Schmidt and David Drummond.
(yeah, yeah, I know about those funny little linkblog thingies…)
Just a small excerpt from a 30-page request-for-quote that came our way recently…
The system should be designed with no duplication but should be provided for all levels of redundancy.
To quote Charles Babbage, "I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question" - or, in this case, such a requirement. And then again - maybe I am…
If we are concerned about the performance of /dev/console, we need our collective heads and tails smacked until we come to our senses :-)
Poul Henning-Kamp in <34962.1125655258@phk.freebsd.dk> to -arch.
Primate Programming Inc: The Evolution of Java and .NET Training
Via today's WTF.
Someday, yes, someday I just might start demonstrating some originality in the naming of throwaway files :)
[roam@straylight ~]> ls foo.* foo.c foo.jpeg foo.png foo.sh foo.xwd foo.c.35.mach foo.link foo.ppm foo.tar foo.core foo.pl foo.s foo.urls [roam@straylight ~]>
Yay!
First got the news on the LUG-BG mailing list, then via Peio and Yovko: the European Parliament has slammed its collective fist and shot down the awfully misguided directive referring, among other things, to software patenting! A vote of 648 vs. 14 - truly, madly amazing! To say the truth, I did not hold much hope, I'd pretty much resigned and made all kinds of emergency plans - and then there they go and, er, well, not exactly disappoint me, no, sir!
Then, Google News started spewing all kinds of links:
Yep, it's time to celebrate!
The topic of how to deal with all the old computer-related equipment that has been quietly piling up in the attic - or in the living room - over the years has come up quite often in personal conversations over the past few weeks. Now, it seems there's a new twist on it :)
One of the most common ways to handle old stuff (besides just dumping it or setting up a computer history museum) is to donate it to a charity. Well, apparently at least one charity has been burned by such attempts already - Jeremy Zawodny found out that Goodwill Industries International will absolutely refuse to accept computer mainframes!
As Jeremy writes, "You just know that a rule like this only appears after someone tries to donate a mainframe." :)
Just an idea I've had for some time, and thought I'd finally share :)
Wouldn't it be a good idea to throw a little PGP key-signing - or at least key-exchange - party at this month's Linux-BG conference on June 18th? The adventurous souls who like to lug laptops around and are gullible enough to stick in untrusted media from others would be able to do the key-signing right on the spot. For the others, IMHO it would be nice for everyone to bring sheets of paper paper (or, as Kaloyan Doganov did some time ago, just put the info on business cards) with their name, their PGP key ID, and its fingerprint on them, and give them away.
As a side benefit, this will give yet another opportunity to match faces to names ;)
If you are reading this, and you are actually interested in the computers/programming section of this blog, then you probably also know who Bjarne Stroustrup is - if not, take a look at his homepage at AT&T.
However, it's not Stroustrup himself that this entry is concerned with, but rather something he wrote about comparing one programming language to another. In this particular case, he wrote about comparing C++ to any other language, but his points are quite generic and really valid across the board. This is something that *is* worth remembering and bearing in mind the next time someone tries to drag you into a religious war of programming languages.
Well, well. There was a thread on the freebsd-hackers mailing list that started a couple of days ago, and it looked like some kind of trivial C programmer's mistake. As the thread unwound, however, people started to suspect weird syntax problems. In the end, it turned out that it was just a C compiler that liked C89 syntax - the original C language standard ratified by the ANSI X3J11 committee - and choked on C++-style // comments. Okay - fine - good - just use C-style /* comments */, and end-of-story, right?
Well, it turns out that there's more. After a bit of discussion on C89 versus the newer C99 standard (again from the ANSI X3J11 committee), Dag-Erling Smoergrav hit the list with the following gem of a program, which can actually differentiate between the C dialect used by the compiler without any #ifdef conditional compilation:
#include <stdio.h> int main(void) { int a, b, c; a = 10; b = 2; c = a //* oops! */ -b; switch (c) { case 8: printf("C99 or C++\n"); break; case -5: printf("C89\n"); break; default: printf("can't happen\n"); break; } return 0; }
So how 'bout that, eh? :) See how it performs quite differently under a compiler that treats // as the start of a comment, and one that only treats /* as such and lets through the '/' character? :)
Score one more for Obfuscated C. "Kids, don't try this at home!" And as a former coworker used to say, when he saw me get that faraway look in my eye in the midst of a weird programming practices' discussion over a beer or five, "Hey! Don't try this at work, either!"
When Nacho showed me yesterday's The Daily WTF, we got to talking about...
No, wait. Go read yesterday's WTF. Really. A Pascal and C programming background would help.
----------
So, now that I assume you've read it, here's the gist. Nacho mentioned that one could also do #define := =
and later on use Pascal-like constructions of the form a := 5
. The only problem was that GCC does The Right Thing(tm) and rejects :=
as a macro name, since a macro name must be, well, a name - that is, a well-formed identifier - you know, letters, numbers, underscores, the works.
Next thing you know, Nacho says that it would be hard to patch GCC to accept a #define := =
construct - and what do you suppose yours truly does? That's right, I was right on it like a swarm of stray tomcats drunk on valerian :)
As a result, here's patch to the GCC preprocessor which parses :=
as a valid identifier. Thus, the following program becomes purrrr-fectly valid:
#include <stdio.h> #define := = int main(void) { int a = 0; a := 5; printf("a is %d\n", a); return (0); }
And here's the result:
[roam@straylight ~/c/misc/foo]> cc -o pasequ pasequ.c [roam@straylight ~/c/misc/foo]> ./pasequ a is 5 [roam@straylight ~/c/misc/foo]>
The patch (not that I would ever expect anyone to use it :) was made against the gcc version 3.4.2 [FreeBSD] 20040728 - the one that is in FreeBSD's 5.x branch for the last couple of months. It may not apply cleanly to other 3.2, 3.3 or 3.4 versions, and it will not apply at all to 2.x, since cpplex.c does not even exist there. Still, it Works For Me(tm), and that's enough for the whole why-the-hell-not fun part :)
(and yes, when I told Vasil Kolev about it, his comment "that's sick!" *might* have been spot-on :)
Red Hat, MySQL AB, and three German Web hosting companies have announced a partnership with software developer Florian Muller to support NoSoftwarePatents.com, an organization that hopes to stop the European Union from granting patents to what Muller calls a "cartel of patent superpowers" whose aim is to stifle competition.
Whoot! Read the full article for details, and then see the website itself for information on how to help!
Well, well. Here's Russell Beattie lamenting the bandwidth/traffic strain that a 5 MB podcast placed on his hosting account. Sure, I get his point, and I agree that Something Must Be Done, but still - $99 for a 800 GB/month account? For $100, most Bulgarian ISP's would give you 20-25 GB/month, if even that - and yes, that's twenty-five, not two hundred and fifty there. As mentioned in the title, sigh...
Today Yesterday (pfft.. is it 3am already?!) marked the first Ericsson Mobility World Developer Day in Bulgaria. "It happened at the Hilton", and it was actually the first conference-type event dedicated solely to mobile technologies that I've ever been to. This probably explains the fact that there were only three people I knew there - and of those, one was a former classmate from the 7th grade whom I hadn't seen since high-school, and the other works at MobilTel, so I wonder if they really count :)
It was pretty interesting, though - maybe the most interesting part was that I seemed to actually understand everything being said, and even managed to slip in a couple of questions and pass for a connoiseur ;) Of course, there was quite a bit of marketspeak and the usual amount of question-dodging, but still there were things to learn - or at least to note for later consideration - in all the presentations. Ericsson's Mobility World program looks like it could indeed help people write things to run on their phones, things to run their phones, and things that make other people run around holding phones.
I'm not exactly sure whether the two presentations from the Bulgarian government employees actually had something to do with Ericsson, but that was probably for the best - the focus of the conference was on mobile technologies and application development in general, I think, and both talks were probably interesting to foreigners looking at Bulgaria for investment or outsourcing. Still, the organizers had subtly rigged the schedule so that people would *want* to stay for the afternoon session - that's where the technical discussions were, after all! Pity that the 'application development' talk didn't happen - the speaker couldn't make it to Bulgaria, apparently - but the mobile positioning and location-based services one was great. Of course, Ericsson are not the only ones to have come up with the products and services shown in the various presentations, but at least they gave me something - several somethings, in fact - to think about, and some ideas about Things I Just Might Do When I Find The Time(tm). The CD's helped some, too - and some of them even have software that may run on OS's other than Windows!
The cancelled talk meant that I was actually able to get to work during office hours after all, and fancy me catching up on blogs and coming across the not-so-new-now news about Google SMS - a genuinely useful mobile service, albeit limited to the US operators :) I do hope that Russell Beattie changed his original opinion about the service, since exciting as they might be, smart phones are still a minority, and not just in Bulgaria, either. The results may not be perfect, but then what is, in this world? I know I've often found myself wishing for a quick search, away from a computer, much less an Internet connection... Of course, I cannot use the Google SMS service too, but here's hoping that some Bulgarian companies wake up now that yet another giant has made yet another move towards mobile content. More discussion on kasia's and John Battelle's blogs - and be sure to check out the 'Trackback' link on John's blog for even more opinions!
As noted over at my FMI blog:
And yep, this ought to have been posted last week, to actually let people know that the first introductory lecture will be held today, October 4th, Monday, at 7pm in auditorium 200 at FMI. Since last week was a bit hectic in other ways, we kinda slipped our schedule with announcing this course, updating its website, and putting up notices on the FMI walls (actually, the latter two are still not quite done), and we just might have to do another introductory lecture on Wednesday, same place, same time - but try to be there today! :)
Of course, the Network Security course will also see the light of another semester, starting tomorrow, Tuesday, at 7pm in auditorium 325 at FMI.
The Register reports that the EU's Competitiveness Council has once again returned the software patents directive for reconsideration. Among other interesting points in the article:
Cohn-Bendit said that the software regulations proposed by the Competitiveness Council on 18 June would have led to EU's economy being controlled by a small group of multi-nationals.
Oh, but ain't that the truth...
The European Parliament takes the view that strict software patents will stifle innovation among small European companies. Software would instead be covered by copyrights and algorithms and commercial methods might not be protected in any form.
That was one of the points that Plamen Tonev repeatedly stressed in his talk on software patents at the LUG-BG 2004 seminar back in May, and in my not so humble opinion this point alone should be enough to bring the whole thing to a conclusion, not "one way or another", but certainly to the scraping of both this proposed bill and any further talk on the subject.
I wonder if Mark Pilgrim's Why Specs Matter post could be applied to other facets of life, not just software development. Still..
Most developers are morons, and the rest are assholes. I have at various times counted myself in both groups, so I can say this with the utmost confidence.
That's how it starts, and I can second that - err, no, I don't mean that Mark Pilgrim has been a moron or an asshole, although if he himself says so... ;) I mean that *I*, myself, have been in both groups at various times, multiple times, so yeah, he got that part right!
Now go read the whole thing, right up to the end. If it doesn't strike you as particularly correct, well, you could blame me for wasting your time, or you could blame Kev where I found it :)
I've expressed my amazement at the stupidify of spammers before. Sometimes, there's a funny twist to it :)
It's common knowledge that they have started mining mailing lists and other sources of information, not only for the addresses, but to grab "keywords" and stuff them into the message subject. Most of the time, they also add a word or two, usually with... mmm... should we say, "risque" connotations, to further grab the reader's attention.
Well, today, a subject line of Red Hat Linux 7.3 willingly certainly did grab mine :)
Matter of fact, although some of my interests might seem to contradict it, I actually kinda like RedHat Linux 7.2 and 7.3 - they are also the last releases of RedHat Linux that I like. Still, the notion of consent implied in the subject line was intriguing in its own right :)
And just as fate would have it, Newsforge published an article titled Warez spammers discover Linux just about when that message has reached my mail server! Talk about coincidence...
Well, it seems that Victorinox have done it again - SwissMemory® USB Storage in a Victorinox pocket knife! Wouldn't it be fun to have a <insert OS of your choice here> rescue disk literally in your pocket, along with all the tools you need to disassemble, reassemble, and generally mess up your computer? :)
This probably belongs in the notes blog, but still...
So remember children, when removing cards from a PC _always_ replace the blanking plates :)
Reminds me of a friend's story of a cat chewing through the power cable of a working Hilti drill... the cat was unplesantly surprised, but survived the jolt and henceforth only approached big black cables with great care.
Robert W. Bemer, the not-so-wide known father of ASCII and the backslash character, inventor of the ESCape sequence, early proponent of the 8-bit byte standard, and a whole lot more, has died of cancer. The Internet, computers... actually, our whole world would not be the same without his work.
The Scriptometer is a nice comparison of various languages, very much focused on their scriptability, not general programming poiposes.
Funny, this is pretty much the exact way I would rank sh, Perl, PHP, Tcl and awk - well, awk might actually come before Tcl. As to the others, I'm either not quite as fluent in them as I'd like, or it's just that I'd never really use them for the things I would use these languages :)
Via rafael.
Spammers. I hate 'em. But sometimes they amuse me, like today, when I received an e-mail with the subject of 'Open immediately for smarter spam control!' :)
I've been holding off commenting on the whole lot of hell raised all over the blogging community by the MovableType 3.0 licensing "swindle". The reason I've been holding off is because somehow it didn't feel right that my point of view on this should be expressed with a single sentence: if you don't want to pay for the new version, what's wrong with just using the old one?!
Yep, somehow it seemed wrong that everybody (or at least, everybody who was whining) should have missed such a simple fact, so I held off stating it lest somebody point out some obvious flaw. However, there seems to be no flaw in that, other than more whining like 'but the old version does not have all the super-duper features of the new one' - hell, it was good enough for us to use until now, how come it is suddenly *not* good enough?
The reason I *am* writing this now is that Dan Sugalski has written this up much, much better than I would have. So before y'all start flaming my position, please read his explanation and tell me what exactly is wrong with it. Thanks, Dan!
Okay, so MySQL might not have *all* the features of some commercial database servers, but still, it seems to have some redeeming qualities :)
Anyway, I like it when software just works...
The above was a quote (and a link) to the use.perl journal of Leon Brocard, whom you might or might not have come across in the Perl or Open Source world. Read his full journal entry for the details :)
Update: Uhm.. of course, in the very first sentence I meant to also mention some non-commercial offerings, too, and I'm sure I've missed many.
A great write-up by Randall Hyde: Why Learning Assembly Language Is Still a Good Idea. Even if you think that assembly is not for you (or maybe *especially* if you think so), do take the time to read at least the beginning of the article - you might be surprised :)
Via Robrt.
Matt wants a new duck, and I want one of these, too!
On a side note - Matt got this from the journal of Neil Gaiman - yep, the writer... Wow! Never thought I'd come across this, but it looks like a Good Thing(tm) :)
A Brick Science Major (via VarChars) is a *wonderful* essay on the mentality of some CS students, some CS graduates, and some of the people who hire them.
Once (about eight years ago) I complained about the quality of CS education at a certain university, and an acquaintance told me something which, in retrospect, sounds like a truism, but it was a revelation back then. I believe it would also be a revelation to most people who actually graduate from universities, any major, any department. It might also come as a surprise to some of the HR staff (or whoever it is that takes care of grilling new candidates). What he told me was, "a university's job is not to teach you CS - its job is to teach you how to learn, so you can later learn all the CS you need by yourself".
Paul Vick has a nice discussion of why performance should be considered 1. in the design, 2. during coding, 3. during testing, 4. during fixing the bugs, and not only during the hectic chaos of final bugfixing in the week before the release. A definite must read for all programmers, both aspiring and experienced!
And since I'm pretty sure that there will be some who will react to the very first paragraph with a sarcastic laugh and a snide anti-Microsoft remark, allow me to remind you that some of the best books on software design - Writing Solid Code and Code Complete - have actually been written by Microsoft employees.
Via Tony Bowden.
Loaf seems to be an interesting application of Bloom filters to build a hybrid between e-mail, social networking, and I'm-still-not-quite-sure-what-else :) The basic idea: send out a hashed copy of your addressbook with each e-mail message, so others can check whether you have been in contact with somebody else. The purpose: check first-time correspondents against the people who have sent you their Loaf databases, so you can come up with some kind of rating: "I have no idea who that is, but three of my friends have actually sent e-mail to them, so maybe it's not really a spammer".
I think I'll give it a test out Real Soon Now(tm).
Via Idle Words and Understanding Nothing.
In a message from Kevin Stevens in a discussion of the recent alleged TCP vulnerability on the freebsd-security mailing list:
On Wed, 21 Apr 2004, Dag-Erling Smœrgrav wrote:
> I think the default ttl of 64 was an arbitrary choice. You would
> probably be fine using 32, but any lower than that and you would start
> having trouble crossing oceans.
?? Because of all the router buoys floating around??
This probably belongs in the notes blog, but I just can't pass it up with just a note :)
It's been long since I've first heard of this mythical programming language, PERL. The search for PERL has been long and hard, and sometimes quite funny, but it seems to have come to an end.
I give you (or rather, John McNamara gives you)...
Via a comment in davorg's journal.
A fascinating overview of the Google filesystem. Via John Batelle and Steve Neiderhauser.
Okay, so maybe they've done it before, but this is the first time that I've seen Yahoo! give, um, "customized" results for specific search phrases: do a search on what is my destiny :)
Via John Batelle's Searchblog.
The new 1.0pre2 version of the Ringlet.Collections library (which I already mentioned yesterday) now contains a complete implementation of a tiered vector. The Ringlet.Collections.TieredVector class now has a Shrink() method, which no longer throws a NotImplementedException, but simply does its job when RemoveAt() invokes it as needed.
As mentioned in my FMI blog entry, you can find more information at the Ringlet.Collections distribution site or its online documentation.
Ouch!
Change 'pot of coffee' to 'two-litre Coca Cola bottle', and kasia's description of a typical programmer's working day hits straight home!
Yes, it is that bad. Yes, it is that exciting. Yes, it is that disorganized.
Yes, I like it :)
Update: Also, do read the trackbacks from kasia's site, too - some of them will provide additional insight :)
I was feeling a bit guilty about continuously posting pictures taken by Iva's mobile phone at the Ringlet gallery. Well, I *was* - until coming across this PCWorld article via anima's blog.
Okay, so our gallery isn't quite a moblog - Iva e-mails me the pictures, true, but then I post them almost manually. Still, I don't feel so bad any more about posting pictures with less-than-perfect image quality :)
And yes, I *will* get a real camera one of these days. Most probably it will be a video camera, almost certainly a digital one, but we're still doing some research on that topic. Boyan's demonstration of the Sony DCR-TRV33E looks very promising.
I just announced the Ringlet.Collections .NET class library over at my FMI/University-related blog (in Bulgarian). In short, a presentation by Krasi Dobrev at the Design and Analysis of Computer Algorithms course kinda grabbed my attention, and seeing as there were no real tiered vector implementations that I could find, I decided to write my own (not that hard, as it turns out). However, I might have to finish it a bit later, after catching some Z's...
As mentioned in my FMI blog entry, there's a good chance that this .NET library will be followed up by C and C++ implementations, but this is definitely not going to start at 6am.
Update: the new version 1.0pre2 of the library contains a complete implementation of a tiered vector.
At last, a real, serious, official conference addressing a subject that's been troubling a lot of people in the last couple of years: how do you write open-source software *and* make a living out of it?
For more information:
- the conference's website;
- the NewsForge article announcing it;
- another NewsForge article which covers Lawrence Lessig's keynote speech.
I'll try to update this entry with more links as I find them; feel free to post others. I sure hope that the participants or the organizers post some kind of presentations (slides, text, anything) from the speeches!
Just for the record, since others have posted their scores on the certification exam held by the Linux Professional Institute at the WebDev / PHP 2004 conference earlier this month, here's mine, too :)
Total: 630 (on a scale of 200 - 800, 500 needed to pass)
By category:
Hardware & architecture | 100% |
Linux Installation & Package Management | 92% |
GNU & Unix Commands | 95% |
Devices, Linux Filesystems, Filesystem Hierarchy Standard | 81% |
X | 62% |
Guess it shows that I haven't done much with Linux's relatively-new filesystems like ReiserFS or ext3, and that I do most of my work in the console or using classic wm's like AfterStep or Ion :)
It seems that one of the better browsers Out There has found its way into Yet Another Sequel - Scary Movie 3.
Spotted via Ben Goodger.
I hope that among those who read this blog, there are none who believe - or would even seriously consider - the mind-boggling fingers pointed at the free software community as authors of the MyDoom virus or accomplices of the author. I would really, really hope that the readers of this blog have enough common sense.
Still, if there is someone who still believes that the appearance of the MyDoom virus is a sure sign that the whole free/open-source software movement is Evil(tm), here's a great article by RMS on the subject. Definitely worth a read, no matter where your beliefs stand.
Some time ago, I mentioned to Vasil that HTML allows all sorts of weirdness, like unclosed tags, unspecified closing tag names, unclosed *opening* tags, and all that stuff. Finally somebody has taken the time to actually demonstrate that - a wonderfully crafted HTML weirdness, courtesy of Virtuelvis. The funniest part is, the W3C vaildator does, indeed, agree that this is valid HTML!
I sign all my outgoing e-mail using GnuPG, so it gets sent out as an S/MIME multipart/signed message with an application/pgp-signature MIME part. Sometimes this brings out the fun part of the 'net, such as an automated response I received to a message that just made BugTraq:
MailServer has rejected this message: it contains executable attachments.
(just to clear up any confusion, no, this was not sent by the securityfocus.com servers, but by the mailserver of somebody subscribed to the list)
Let's hear it for the geniuses who configure their mail filters so that any MIME attachments marked as application/* are considered executable. I guess asking them to read RFC 2046, section 4.5, "Application Media Type" (which plainly states that MIME parts marked as application/* are meant to be processed by an application), would be asking too much... but is it too hard to actually *look* at some e-mail messages that they've sent or received recently, and notice that some of them do, indeed, bear attachments of the dreaded application/rtf or application/x-arj-compressed or application/vnd.ms-tnef types? Okay, got carried away a little - that last one is indeed a dreaded one :)
And if you expect to see here another rant about mail filters that bounce messages to the 'From' address instead of 'Return-Path' or 'Sender', well - it seems that you can already do that one by yourself.
Grumble. Those who do not care about C++ and are just wondering what the hell is keeping me up at 2:40am may safely skip to the last paragraph.
The past hour (and a bit more, actually) was dedicated to figuring out why Visual Studio C++ would not "see" a symbol exported in a DLL (or rather, its export LIB) that it (well, *another* copy of Visual Studio :) had placed there just about 20 seconds ago. In the end, after using strings(1) on the .lib file, and very, very carefully reading the linker error message, it turned out that the .lib file mangled the function name as:
__imp_?uerror@@YAPAUUError@@HV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PAX@Z
...while the linker was actually looking for
__imp_?uerror@@YAPAUUError@@HV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PBX@Z
Spot the difference? Yeah, that's right - just a single puny character at the very end. Now, thanks to the creatively named Windows API function UnDecorateSymbolName(), I was able to find out that I'd forgotten to change a 'void *' to a 'const void *' in the function definition.
Yep, that's right, I'd made the most stupid mistake - the header file had 'const void *', the function itself took a 'void *' as a parameter... and why oh why didn't VC++ warn me at build time?! Yes, I am compiling with warnings at level 4; some of the time, I'm even adventurous enough to try /Wall - including this time, and no, VC++'s /Wall does not enable any warnings equivalent to GCC's -Wmissing-prototypes! If there is a discrepancy between the function declaration and the prototype, the compiler silently assumes that you actually want to declare a different function, and there you go.
Or wait a second.. Looking at it now, GCC only honors -Wstrict-prototypes and -Wmissing-prototypes when in C mode - for C++ files, you're on your own, too. Now if only I could figure out a reason for that... I mean, overloaded functions are all fine and dandy, but sometimes, just sometimes, I actually want the compiler to scream bloody murder at me for forgetting a tiny little 'const' thingy. If somebody has any idea why GCC will always silently accept a missing prototype in C++, and why VC++ does not even have a warning for that (well, it *is* mainly a C++ compiler), please enlighten me!
Grumble. Okay, back to the rest of the work now. And for those who find working at 2:40am strange, I seem to remember a saw that went something like 'Developers do not have office hours; all they have is deadlines'.
There's a brief discussion over at Neurotech of a CNN article about the MyDoom virus DoS on SCO's website.
What really bothers me about the CNN article is the implied connection between SCO's judicial pursuits, the open-source community, and the MyDoom.A virus. Of course, it would be hard to deny that SCO has indeed drawn the public attention in more than one way with the (insert expletive of choice) lawsuit, but the way this (and some other) article is written more than suggests possible candidates for the virus writers.
As to whether taking www.sco.com out of DNS could be considered bringing the website down, IMHO it might indeed. Why? Well...
Other than that, I agree that SCO made one of the best choice in handling the attack, so that it might well still emerge from it with nothing more than a huge boost in PR and only a possible psychological perception of the site being down.
Update: As seen by the comments below, I have apparently managed to misunderstand Luke's point. Of course the site was not brought down by the virus itself - as, indeed, the CNN article falsely claims.
A kinda funny article over at Netcraft - www.sco.com is a weapon of mass destruction. Although part of the purpose of the article seems to be fun, still it does bring up an interesting point: with the number of MyDoom-infected PC's out there, tomorrow may be a Bad Day for whatever IP address www.sco.com points at. And yes, it does use DNS to resolve the 'www.sco.com' hostname, at least according to the analysis summarized in the Trojan Horses Research digest of messages related to this virus.
Now.. how long before someone writes an Apache, Squid, or IDS module, which detects several HTTP GET requests for www.sco.com and blocks the sender, just in case? :)
I missed a very important argument in my Outlook 2003 and Message-Id rant the other day; it was on my mind when I started writing the rant, but then it must have slipped through the cracks...
The fact that the usual way to form the Message-Id header discloses the sending machine's hostname is made almost irrelevant by the fact that there are very, very few SMTP servers which do not add a "Received" header containing the client's perceived IP address, the client's perceived DNS hostname, and the contents of the client's HELO command - which, with most SMTP clients, actually contains the client's hostname.
Here's an example:
Received: from actual-hostname-deleted (HELO straylight.m.ringlet.net) (actual-IP-address-deleted)
by gandalf.online.bg with SMTP; 28 Jan 2004 08:09:30 -0000
This was the first (technically, the last, since the SMTP servers further on in the chain had added theirs to the beginning of the message) "Received" header on a message that I recently sent to a public list. As you can see, my mail client (not Outlook 2003, but see below) honored the SMTP protocol by issuing a HELO command with the local machine's hostname - and it is plainly visible in the message headers.
A coworker fired off a quick test message using Outlook 2003 and, lo and behold, the SMTP server logged a Received header with the coworker's machine's name in it! So much for privacy, I guess :P
Note: please do not take this as a request for Microsoft to stop providing the machine's hostname in the HELO command, too! :)
So $REALJOB_COMPANY deploys a Windows-based intranet - Active Directory, Exchange, Web components, all that jazz. So far so good, except when a cow-orker asked about spam handling, the boss (who is actually a truly-non-PHB, and who actually engineered the new network infrastructure) replied that spam handling might be solved when we migrate to using MS Outlook 2003 and its spam filters, but... But, he said, Outlook 2003 had a slight problem: it could sometimes send out messages without including a Message-Id header! So we're waiting for Microsoft to fix that, and then we'll migrate.
I could scarcely believe that, so seconds after the meeting there I was, googling for Outlook 2003 Message-Id, and sure enough, there it was: on the first page of results, a news bulletin which, among others, states that Outlook 2003 only includes Message-ID's when sending e-mail through an Exchange server. What really got my goat, though, was the reason for omitting the Message-Id header: you see, users complained that their machine names were visible on the Internet!
<F/X: spanner in works, mind grinding to abrupt halt, head exploding>
I wonder how the rest of the Internet, including the users of previous versions of Outlook and Outlook Express, have managed to cope with this horrible invasion of privacy - encoding the hostname in the Message-Id header - for the past nigh on 20 years! Its use in the In-reply-to and/or References headers, its perfect suitablility for indexing/searching an archive for messages, and lots of other characteristics just leave me lost for words. And even if the actual hostname is not used in the header, there are many algorithms to generate a hash or something based on the hostname - which would still go a long way towards the purpose of the hopefully-globally-unique Message-Id value.
Okay, so Outlook 2003 is indeed technically RFC-compliant, since RFC 2822 section 3.6.4, "Identification fields", does indeed say a message SHOULD (not MUST) have a Message-Id - but it does use the verb SHOULD and not MAY. Also, RFC 2821 allows the first or last SMTP server in the chain to add a Message-Id if none is present, but there are still many RFC-compliant SMTP servers out there which do not do so, and the client has absolutely no guarantees that a message will get a Message-Id header - and IMHO, every message should have one.
Oh well... score another one for muddy thinking. The end result? Outlook 2003 currently generates scores of messages that may very well be considered spam by many popular spam filters out there - and for a very, very good reason, too.
Ever since MobilTel, the first Bulgarian GSM operator, was established back in 1995, there has been an awful lot of badmouthing from all sides: complaints of bad customer service, high pricing, slow uptake of new technology, and so on. In the past year or two, some of thoes complains have also targeted GloBul, the second Bulgarian GSM operator. Well, some of those complains have had some merit, but IMHO, most of them could be placed in one of three classes:
And to give some substance to this so far purely abstract rant, let me at last come to the actual point :) The idea of writing this came up while discussing with a couple of friends an article from The Register yesterday: subscribers to the Orange mobile operator in the Netherlands can now choose a mobile number when signing up. The article highly praised Orange for this wonderful new service, to quote: "a luxury most European telcos do not offer yet to consumers". Even so, subscribers will be charged 100 EUR for picking a number.
So, the point: MobilTel has been offering this very service for a long, long time - I'm not sure if it was from the very beginning, but it has certainly been available for more than three years now, at the price of 30 BGN (a bit less than 15 EUR): Bulgarian and English version of the list of additional services.
And no, I don't think that this rant of mine will instill logic and reason into the badmouthers' minds and make them shut up :) I just needed to vent some steam.. or something :)
Note: some people who know me would realize that even though I neither work for MobilTel nor am a shareholder or anything, I am not completely impartial to them. Take this with a lump of salt if you will, but what I have written above is purely personal opinion, and as such may not reflect any definition of objective truth, be it according to the teachings of Plato, Socrates, Kant, Kubrik, or Eris. If you choose to gamble half your fortune based on predictions made by perusing this text, I will not be held responsible for the outcome, although, if you should win, a share of the prize would be nice :)
Whee... According to The Register, NewsForge, Slashdot, and probably coverage in other places, too, SCO has sent a letter (or at least a draft) to the US Congress, asserting that the use of Linux in Europe and Asia is a direct threat to the US economy and, more or less, the US national security...
I just don't know what to say. Yep, a real loss of words. Read the articles, read the draft itself - it *does* have great entertainment value, if nothing else. The problem is, it might indeed have something else, too - it is written in exactly the glib manner that would appeal to a politicians, especially politicianс who dо not always have the time or staff to do the research necessary to expose this as the FUD it is. Yep, we might have a problem here - though I sure hope not.
Heh.. learn something new every day, it seems.
The FreeBSD port of texi2html that I maintain was throwing weird fits on FreeBSD 4.x-STABLE with Perl 5.005. After a bit of poking through the error messages, the Perl docs managed to surprise me with a new way in which Perl tries to DWIM: sometimes you can use a string containing the name of a variable as a reference to the variable itself! Well, the port is fixed now, and the fix has been sent to the texi2html developers, just in case.
I guess part of the reason I've never come across this before is that it's become a kind of a habit to start all my Perl scripts with taint mode and use strict ;)