Zach's So-Called Life

Debian/Ubuntu Packages for Epic5 and Amenesiac

2008-05-19T19:42:35Z

If you can read this, welcome to my new server.

I've been setting a new Ubuntu 8.04 LTS based server, and I'm retiring the old Slackware server I've been using for the last year or so. Slackware is ok, but I just don't have the time to do upgrades. The occasonal "apt-get upgrade" when I need to deal with a security problem (like this week's openssl fiasco, thanks debian) is much prefered to either compiling from source or having to track down and fetch an updated package.

One of the things that I had to do myself was build epic5 packages. There are packages for epic4, but since I work on amnesiac I need to be able to use epic5. Since other people irc from this machine I like to provide a copy of the script in /usr/share/epic5/script. Given all that, it made sense to build a package for amnesiac as well.

I've automated the whole process, so updates to each should be easy. If you're the kind of person who likes to IRC, and you like to use a debian based distribution, and you like things that update automatically, you can benefit from my work. Just add the following lines to your /etc/apt/sources.list:

  # epic5 and amnesiac packages
  deb http://darkstar.frop.org/debian/ irc epic5 amnesiac tsx
  deb-src http://darkstar.frop.org/debian/ irc epic5 amnesiac tsx

You will also need to add my gpg key to your keyring. You can do so with this command:

  curl http://darkstar.frop.org/debian/zwhite.gpg | sudo apt-key add -

Finish everything up by running "sudo apt-get update" and you should be all set. The two new packages available are "epic5" and "amnesiac".

An Ode To On Call

2008-04-04T10:36:40Z

once upon a midnight 'berry
as I awoke from dreams so airy
the screen announced like a sorrowful brute
quoth the kernel, unable to mount root

bleary eyed I thumbed the wheel
that would hold back my sire's steel
as I pondered profanity stronger than, "Shoot"
quoth the kernel, unable to mount root

my fingers dance, ciphers entered
I'm in like flynn and down like bender
meanwhile this server just won't boot
quoth the kernel, unable to mount root

I have a look see, and what do I find?
a botched migration, well yes I do mind 
you have to check your hardware first you ignorant kook
quoth the kernel, unable to mount root

Put it all back, is all I reply,
before slamming my leash down onto my thigh
no problem was fixed, but now it's all moot
quoth the kernel, unable to mount root

To paraphrase Fermi: where are all the viruses?

2007-10-09T14:52:45Z

Apple is known for cultivating a cloud of smug. The users are arrogant and have an inferiority complex. In addition, Apple has been been playing up MacOS X's security in ways that some people find irritating.

David Maynor, for example, was willing to tarnish his reputation and be a laughing stock in order to, as he put it, poke a lit cigarette into the eye of Mac users. Granted, he was quoted saying that while he was supposed to be off the record, but it demonstrates just how much Apple gets under some people's skin.

Given that, you would think that by now someone would have written a self-propagating virus that targets Mac users, but it just hasn't happened.

It's not like it'd be difficult. I can think of 3 or 4 security issues that exist in MacOS today that would allow me to escalate from a normal account to root. Most of them involve exploiting the keychain, which by default is left unlocked while the user is logged in. Others involve getting the user's password from certain locations in memory that are accessible to all programs through various device and swap files.

All of the problems I just mentioned can be fixed by end users, but the point is that by default these are vulnerable points in the system that can easily be used by an attacker.

Getting the virus payload into the system is easy enough, too. Mac users are just as susceptible to dancing babies and love as PC users.

There are millions of Macs out there. More Macs than FreeBSD servers, but FreeBSD servers have been worm targets. Granted, they tend to be on faster connections, but given the low number (in the low hundreds of thousands, at most) of FreeBSD machines on the Internet why have they been targeted by malware when Macs (numbering in the millions) have not?

I'm not sure I have an answer to this. I know the answer is not "Because windows is the biggest target so all the kiddies look there." What better way for an obscure black hat to get his nick out there than to have written the first MacOS X virus that actually spreads? In one fell swoop you earn fame and reputation. You get to embarrass a giant corporation and show that they're not as invulnerable as they claim in their ads.

That seems like a much bigger prize to me than being just another anonymous entry in some antivirus vendor's database.

Emacs Users Need To Stop Holding Back Unix

2007-09-24T15:13:57Z

So for those who don't know, I've been using Ubuntu the last week or so. I've been keeping notes and I may write about it later, but I had to rant about this now.

It is late in the year 2007. The last time I used a unix-like desktop was in 2003, and I had the same problem then: A useless right alt key.

Why is the right alt key useless? Because for some reason it's been assigned the function "Super" instead of "Meta". Why was it assigned Super? What is Super? Why hasn't anyone fixed this minor detail that has existed for the 10 years linux has been a plausible threat to MS?

Super is just another modifier key, like shift or control. Old sun keyboards all have dedicated super keys. Back in the 80s it was used quite a bit, I've been told. These keyboards also had a single alt, a single control, and another modifier key called compose.

Meanwhile, in the real world, IBM came along and make two alt keys standard for the vast majority of computer users. They also put in two control keys and (one of their few bad moves on the keyboard) put capslock next to A, where control had historically been. This has since become the standard keyboard for everyone, even sun and apple.

So why is it that on a standard linux installation, no matter which distro you choose, the right hand alt key has been assigned Super? Emacs.

You see, Emacs is this software that does everything. It handles your email, it will monitor logs, you can play games in it, talk to a virtual psychiatrist, and even edit text files. If you need to perform a command in emacs there is probably a command for the exact situation you're in, assuming you can find it.

Learning emacs requires a harness and a rope, plus good ice shoes and a pickaxe. You will need this equipment to scale the steep and slippery learning curve. It is the only software still used that uses super. It will also use compose, snoz and snorglebutt modifier keys if you happen to have them assigned to your keyboard.

Emacs users are a small but vocal minority in the open source world (much like the religious right.) They command an unusually large amount of mindshare in the open source world (much like the religious right.) The rest of us could really do without emacs users, but they contribute a lot of code back to the community, so we put up with them (s/code/money, and again, much like the religious right.)

<colbert> EMACS USERS! I'm putting you, "On Notice!"</colbert>

Before a distribution like Ubuntu will be popular with the masses (and it's so very close) this default will have to be changed. It is unreasonable to suggest that the majority of users change their configuration or be stuck with a useless key so that the minority of emacs users don't have to change anything. You can do it now or do it later, but sooner or later it will have to be done.

If it's not, someone like my grandmother will never use Ubuntu (at 75 she, on her own, went out and bought a computer, learned what she needed to about it, and called me up and asked me to bring her Firefox and Thunderbird because it was taking too long to download over her dialup.)

Bodyguardz Protective Skins

2007-08-16T21:36:14Z

So I bought a Treo 755p to replace my 2 year old Treo 650. The phone is fine, it's basically my 650 with EVDO, no antenna and miniSD instead of SD.

I never had any sort of protection on my 650, and it held up great. However, it got pretty badly scratched up. I decided I'd see what sort of protector I could get for my 755. After looking at cases and researching for a few days I bought a set of plastic skins from BodyGuardz.

I put the skin on this morning. It hasn't cured for the full 24 hours yet, so this is a review of the installation process only, plus first impressions.

On a technical, "Can I do this" level, the installation was a breeze. Just spray on the solution and apply the piece in the right spot. Lift or slide until it's in position. I found that the skin didn't slide across the rubberized paint of the 755p very well, but peeling and resticking was fine.

However, on a "How hard was the install" level, it's meticulous. You have to clean the treo, then spray your hands, peel the next piece, spray it, then start applying and sticking it. I found I was spending 5-10 minutes per piece to get it on. The squeegee was useless for the body protector, again because of the rubberized paint. Pressing hard with fingers worked perfectly to stick the cover and work out bubbles.

The fit is not perfect, but it's close enough. There are a couple places where it stuck over the edge slightly, but a razor blade was able to cut those bits off (it was right where the battery cover meets the phone, so I had to trim it.)

The screenguard works as expected, although even with the solution getting bubbles out wasn't easy. This is a place where the squeegee helped. If anyone from Bodyguardz is reading this, please keep those in here, they are very useful for this step. :) My screenguard is slightly smaller than the screen, but once placed you don't notice it unless you look for it.

So first impressions? Seems great. By now the solution has dried and I can see how it'll look. I think it'll do a great job, provided it actually stays on the phone.

All is not rosy, however. The most scratched up part of my 650 is the part of the case that frames the screen. The Bodyguardz don't protect most of this area. Also, there are some corners that look like perfect candidates for catching and becoming a removal point, possibly when I don't want it to be removed. I'll keep an eye on those.

So should you buy your own? Well, I like it so far, and would tenatively say yes. At $25 it's cheaper than most cases, and it keeps my treo sleek enough to stay in my pocket.

I'll post another review in a few weeks, when I've had a chance to really put it through the paces.

Company	BodyGuardz
Product	BodyGuardz for PalmOne Treo 750 / 755
Price	$24.95
Other Info	They have skins for almost any phone, plus sheets you can cut to shape yourself.

Why Are CS Degrees So Worthless?

2007-05-29T18:13:27Z

There's a debate starting on Dave Farber's Interesting People list. They're starting to discus why it is there aren't more CS students, but I think that's focusing on the wrong aspect of the debate. The better question is why CS programs suck so much.

I sent this post to Mr. Farber, in the hopes he would post it to his list. This is a question I have wondered about for many years.

There's one question I have for everyone on this list: Why do we need 
more CS students? 


A bit of background for everyone before I jump into my question:

I'm currently 28 and have been working professionally in one tech job 
or another for 10 years now. I've been interested in and learning about 
technology since I was in grade school. Somehow my personal track kept
me away from programming and steered me towards a sysadmin career, but my 
experience has put me into contact with many different programmers and
technical people. Today, in addition to my system administration work,
I also write web applications in php and python that are used in a number 
of different organizations in the energy sector.

I have not attended college. I graduated from high school in 1998 and saw 
the writing on the wall. I moved immediately to Northern California and 
started working in the tech industry on the basis of my technical skill.
Had I gone to college I would have graduated just in time to hold a 
degree that might get me a McJob (2002, just after the bubble burst.) 


In my past I've worked for ISPs, local tech houses, software companies
and non-technical companies. There are a number of roles for which
companies indicate they want someone with an EE/CS or equivilent. 
No matter what their actual dutites I've seen 4 basic archetypes: 

The Genius; The genius was the smartest guy at the company. He knew how 
everything worked and was the guy that management went to when they had 
something new to do.

The Programmer; The programmer was just that, the average, everyday 
computer programmer.
The Admin; The senior system administrator, who made the decisions on 
what their technical infrastructure looked like.

The Tech; The tech was generally a semi-skilled worker doing grunt work,
such as help desk, QA or system maintenance.


Let's take a look at The Genius first. The Genius is the guy that's been
programming since he was 8. He started on a C64 or an Apple II with basic 
and moved on from there. In high school he was reading Diijkstra and
Knuth. From there he either went on to the working world or he went on to 
study EE and/or CS, often on a full scholarship.

These guys have universally put me to shame. I have tried to debate them
in my weaker moments and have always lost. I've talked to many of them
about their college experience and except for one guy all of them said
it was a waste of time. Of those that didn't attend college they have 
universally said that they've never regretted not going.

The Programmer is by far the most common player. This is also the 
player that is most likely to benefit from a CS degree. The problem?
They didn't learn anything useful.

I have had to educate programmers in basic skills they should have
picked up in CS 101. For example, not long after I joined a well-known
dot-com there was a vulnerability discovered in OpenSSL. Naturally I
upgraded it to avoid the exploit. 

A couple weeks later our head programmer (who held a CS degree from 
Caltech) came to talk to me about it. Apparently because I had installed
both the shared and static versions of OpenSSL it was now being compiled
against the shared version. I spent an hour explaining the difference 
between shared libraries and static libraries. He still wasn't convinced
it didn't matter. So I spent 30 minutes explaining to him (in step by 
step detail) how to change '-lopenssl' to '/usr/local/lib/openssl.a' and
how it was no different than not having the shared library in the first 
place.

The kicker? A couple hours later he came back with my boss and they asked 
me to remove the shared library because they thought it was causing 
problems. I did so and it didn't fix their problem. A month later I put 
the shared library back and never heard another complaint.

For those of you unfamiliar with Unix the problem I just described is 
a basic one. A programmer who doesn't know the difference between a 
shared library and a static library is similar to a car designer who
can't tell you the difference between a carborator and fuel injection,
and has to ask the mechanic to explain the differences. 

The Admins and The Techs are really in the same boat when it comes to 
a CS degree. There's no reason for having them go through a CS program. 
If these jobs need any training after highschool it's best handled either 
on-the-job or in some sort of vocational school. (Those have their
problems too, however. I will not hire an ITT grad, for example, as I've
never seen any worth their salt.) 


This brings us around to my question; Why do we need more CS students?
Or, more correctly (if a bit harsh); Why are CS degrees so worthless? 

The smartest guys, those who should be involved in getting their
doctorate, see it as a waste of time because they learned it all in high
school. There's nothing a CS degree will teach them they don't already
know. 

The guys that would actually benefit from a CS degree aren't learning 
anything either. Why? They're not being taught. Current CS degrees focus
so much on algorithms and math that they see the basics as unimportant. 
They're teaching students to jump and do cartwheels but they don't teach
them how to walk. 

There are a couple interview questions I ask every candidate that anyone
with a CS degree should be able to answer in under a minute. Most (~60%)
of the candidates I've seen can't answer these questions. 

The questions:

Please write a program that prints out the numbers 1 through 10 
in the language of your choice. 

Please demonstrate a snippet of code in the language of your
choice that will swap the value of two variables. 

I'm not looking for specific answers here. I'm looking for whether they 
can answer these very basic questions in under 5 minutes. 

I've asked a number of candidates these questions. Those who did not
have a degree answered them every time, typically in under a minute.

It's only the people who have a CS degree that have ever failed these 
questions. Some of those guys had more than 5 years working experience, 
too! To be fair, most of the guys that failed these questions were trying 
to get their first job. 

It still leaves me wondering: How did these guys gradutate with a CS
degree in the first place?

Flavourswap 1.1! Now with flavor!

2007-04-19T17:17:40Z

Hot on the heels of the initial Flavourswap 1.0 release is the highly anticipated release of Flavourswap 1.1!

Changes in this release include support for arbitrary browsers. No more browser specific code!

Because I wanted to keep this lightweight I'm not using any external libraries. It's pure python and shouldn't add much overhead. However, you're limited to simple string matches. You can match anything that the find method of a string will match.

If you're the sort of person who runs pybloxom and want to customize your site with a unique look based on the person's webbrowser, download it today and give it a spin.

Also, this release means that OmniWeb users now get to enjoy the same rendering speed boost that gecko users enjoy. Unfortunatly Safari as shipped still doesn't recognize © and   so only OmniWeb gets the boost.

OS X Tips Article That Actually Helped Me

2007-03-21T17:25:27Z

A just ran across this article over at Mac OS X Tips. I knew about some of those but some I didn't know about.

Announcing Flashmounter!

2007-03-15T21:44:41Z

It mounts, it performs backups, it slices and dices your data with the greatest of ease!

Er, wait. Wouldn't slicing and dicing be a bad thing?

Anyway, I have written what I feel is the coolest software to be conceived of and written in 3-4 hours this week!

I have this mythtv machine with a built-in SD reader. My camera uses SD. It's currently a PITA to connect any of my SD readers to the mac mini. So I wrote a script that monitors the state of that SD reader and mounts my SD card as needed. It also watches for certain files to show up in the root of the device. If it sees "unmount" it will unmount the device. If it sees "backup" it will tar up the contents of the device in a location I set, by date and time.

The really cool part is that it has growl support. Thanks to netgrowl.py I was able to deliver growl messages to my mini. I'm also running netatalk, so I can use the SD reader in my mythtv machine without even sshing to that machine. I just create the proper files as part of my workflow. After work, I'll set up some automator flows to automate my photography workflow even more.

I've taken a screenshot of flashmounter in action, though it's not much to look at. You can download flashmounter too.

The $3000 iPhone?

2007-03-01T16:47:32Z

I haven't really written, or even said much, about the iPhone. Until it's been released and people are able to hold it in their hand I haven't seen the point. However, Chris Seibold at Apple Matters just published the most ridiculous article I've read about the iPhone yet.

In the article he adds a lot of claptrop about how much the iPhone "really" costs, and of course he inflates the prices as much as he can.

iPhone: $499
$500 bucks for a cell phone? Its an outrage. Well, remember that it is also an internet device, a camera, an iPod, and a game-playing wonder. Now how much would you pay?

This is actually not a bad price for a cell phone. Remember when the Razr was first released? It was a $50 phone in a thin case that cost $500. The StarTac was over $600. The Treo 650 was in the same price range. Still think the iPhone price is all that bad?

Cingular service: $39.99(450 minutes) to $199.99 (6000 minutes)

Why is this included as part of the phone? You'd have to pay this no matter which phone you get. Let's throw this number away, since it doesn't affect the actual price of the phone.

Bluetooth earpiece: $50
If you're cool enough to have an iPhone, you're probably legally required to have the Bluetooth iPhone earpiece jammed in your ear canal

Chris' reasoning is just silly here. Another cost we don't factor in, because it's the same for every phone.

Data package: $20-$50
The smartphone connect with unlimited data is only $20. You think Cingular is going to let you get away with that? Surely you jest. More likely you'll be hit with the $50 Blackberry connect fee.

Chris' speculation is not unreasonable, but it's also wrong. There's no reason that you have to speculate here, however. Cingular has already said that you will need the same plan as other PDAs, like the Treo 650. The cost? $40/mo.

Getting out of your current contract: $200.00
Sure, you say, there is no way you'll pay it, but start setting some dough aside.

Here we see Chris adding costs in that really don't belong, just to inflate the price. Another cost we can safely drop.

Car charger: $40
Your plan is to keep the iPhone charged, right? With a five-hour battery life a portable charger is not an option, it is a necessity. And since the phone is new youll have to pay an exorbitant amount.

This one is pure FUD. The iPhone uses the same dock connector as every model of the iPod, except for the shuffle. I'd wager that a large portion of the iPhone's target market already has a car charger for their iPod. But I'll be a little bit fair to Chris, we'll give him this one for now at $15.

Case: $50 Cmon, youve spent all this jack for a phone and youre going to try to shave a few pennies off the cost by skipping or making your own cover? I think not!

A $50 case? I suppose you could spend that much. I think the cost will be more along the lines of $25 at most, but maybe if you have a lot of disposable income you'll spend as much as $50.

So what's the final price? With two years of service and the above costs completely factored in, I total $1500 over 2 years. Of that $1500, $540 is the upfront cost and the other $960 is spread out over the next two years in the form of the data plan. Somehow, that doesn't seem quite as bad to me.

I'm making a couple assumptions here, but I think they're resonable assumptions. First, I'm assuming that you already have a cell phone plan. Second, I'm assuming that you either are no longer in contract or will find a way out of your current contract without paying. Given the audience for my blog I'm pretty confident that both situations apply.

Finally, the question I've been asked most. Will I get an iPhone? I don't know yet. I would love to have one but that's not the only factor. Dad already offered to buy me one in June, after he gets the rest of his inheritance. I don't know that I'll take him up on that, however. I carry a cingular phone for work, so I'll have to either activate a iPhone through work or switch to cingular for my personal phone. I don't think I want to go to GSM, which has shitty coverage outside of major cities. Plus, carrying two cingular phones would be pretty retarded.