December 31, 2003
The Mail Must Get Through

1. Every good work of software starts by scratching a developer's personal itch.

Perhaps this should have been obvious (it's long been proverbial that "Necessity is the mother of invention") but too often software developers spend their days grinding away for pay at programs they neither need nor love. But not in the Linux world

December 28, 2003
The IT industry is shifting away from Microsoft

The culture at Microsoft, however, prevents change. I was talking to a high level person in charge of security at the Intel Developer Forum last fall, and we chatted about what Microsoft could do to fix things. He asked the right questions, and I told him the right answers, trust. Plus, throw everything you have out and start again. He didn't get it. No, more than that, he was impervious to the things I was saying to him, the culture is so ingrained that the truth can't penetrate it. Microsoft cannot fix the 'bugs' that lead to security problems because they are not bugs, they are design choices. When faced with Java, Microsoft reacted with ActiveX. That, it claimed, could do everything that Java could not, because Java was in a 'sandbox', and programs could not get out.

The fact remains that Microsoft's entire infrastructure is based on fundamentally flawed designs, not buggy code. These designs can't be changed.

To change them, Microsoft would have to dump all existing APIs and break compatibility with everything up till now. If Microsoft does do this, it will have the opportunity to fix the designs that plague its product lineup.

December 19, 2003
Postmortem memory profiling with PERL

Problems with memory, such as leaks and memory-greedy applications, can cause many problems for application developers; more so for wireless applications due to the prevalence of memory-constrained devices as platforms. To avoid such memory problems, Martyn Honeyford shows how a PERL script can analyze memory issues for later repair. He offers three progressively more sophisticated solutions to demonstrate the concept.

December 18, 2003
White House Web Scrubbing

White House officials were steamed when Andrew S. Natsios, the administrator of the U.S. Agency for International Development, said earlier this year that U.S. taxpayers would not have to pay more than $1.7 billion to reconstruct Iraq -- which turned out to be a gross understatement of the tens of billions of dollars the government now expects to spend.

Recently, however, the government has purged the offending comments by Natsios from the agency's Web site. The transcript, and links to it, have vanished.

This is not the first time the administration has done some creative editing of government Web sites. After the insurrection in Iraq proved more stubborn than expected, the White House edited the original headline on its Web site of President Bush's May 1 speech, "President Bush Announces Combat Operations in Iraq Have Ended," to insert the word "Major" before combat.

Networking: What happens when you don't understand the problem

Just in case you aren't getting the deeper implications of this: Anyone running DHCP has a security hole on their network. Now, there are ways of restricting who can get a lease from a server. But that's not security. That's access restriction. That's no more security than not allowing people in the door who don't work there. It's kinda security but not really. You still aren't verifying that the server you're getting your configuration information and settings from is the server you're supposed to be getting them from. You plug into the network, (virtually in the case of wireless) and get your configuration from the first server you find. If it's the right one, hooray! If it's the wrong one, you're screwed.

css crib sheet

You will no doubt come across many quirky layout issues when building a site with CSS. You'll end up banging your head against a wall time and again. This is an attempt to make the design process easier, and provide a quick reference to check when you run into trouble.

Paying developers to get features faster

What do you do when your off-the-shelf software lacks all the features you want? If it's Open Source software, you can modify the program yourself, if you've got the time and expertise, but then you have to worry about supporting your mods, and whether they'll work when a new release comes out. You can ask the program's developers and hope they'll do what you request within a useful time frame. Or -- in some cases -- you can pay the developers to add the features you want, in the timeframe you want, as part of the main release.

Wonderful World of Linux 2.6 - Joe Pranevich

Although it seems like only yesterday that we were booting up our first Linux 2.4 systems, time has ticked by and the kernel development team has just released the 2.6 kernel to the public. This document is intended as a general overview of the features in the new kernel release, with a heavy bias toward i386 Linux. Please also be aware that some of the "new" features discussed here may have been back-ported to Linux 2.4 after first appearing in Linux 2.6, either officially or by a distribution vendor. I have also included information on a handful of cases where a new feature originated during the maintenance cycle of Linux 2.4, and those will be marked as appropriate in the text.

December 17, 2003

Here's my "site of the day".

The RIAA Succeeds Where the Cypherpunks Failed

The obvious parallel here is with Prohibition. By making it unconstitutional for an adult to have a drink in their own home, Prohibition created a cat and mouse game between law enforcement and millions of citizens engaged in an activity that was illegal but popular. As with file sharing, the essence of the game was hidden transactions -- you needed to be able to get into a speakeasy or buy bootleg without being seen.

This requirement in turn created several long-term effects in American society, everything from greatly increased skepticism of Government-mandated morality to broad support for anyone who could arrange for hidden transactions, including organized crime. Reversing the cause did not reverse the effects; both the heightened skepticism and the increased power of organized crime lasted decades after Prohibition itself was reversed.

Teaching educators about free software

One big barrier I foresee in teaching teachers -- and school and school district administrators -- about free software is their natural reluctance to teach students to use software that isn't "mainstream." There's no denying the fact that Windows and Windows-based proprietary software are going to be more popular on corporate desktops than Linux and free software for at least another 10 years or so, and educators feel they have an obligation to teach students skills they will be able to use in the "real world" after they graduate.

December 15, 2003
Under The Cover Of Darkness

Never before has the House of Representatives operated in such secrecy:

At 2:54 a.m. on a Friday in March, the House cut veterans benefits by three votes.

At 2:39 a.m. on a Friday in April, the House slashed education and health care by five votes.

At 1:56 a.m. on a Friday in May, the House passed the Leave No Millionaire Behind tax-cut bill by a handful of votes.

At 2:33 a.m. on a Friday in June, the House passed the Medicare privatization and prescription drug bill by one vote.

At 12:57 a.m. on a Friday in July, the House eviscerated Head Start by one vote.

And then, after returning from summer recess, at 12:12 a.m. on a Friday in October, the House voted $87 billion for Iraq.

Always in the middle of the night. Always after the press had passed their deadlines. Always after the American people had turned off the news and gone to bed.

December 13, 2003
The Rise of the Spammers

Spammers are becoming more intelligent and more difficult to detect, which is a strange issue, just because in my opinion, an intelligent person is smart enough not to bother millions of people. So, why do these people keep on helping unethical companies and individuals that send out unsolicited e-mails? The reason should be simple and common these days: money.

But I'm not going to talk about the motives of this spam community to send millions of dumb e-mails telling how to get a good mortgage rate, increase my body length or do business with an African prince. This is the story of how one of my home servers was compromised and used as a massive spamming sender within an environment that I've never seen (but was likely to happen).

GPL is no hippie dream

This is from U.S. Code Collection, Title 17 (copyrights), Chapter 1, Section 101: "Definitions." In short, this is from the very first section in copyright law -- the section that defines terms even before those terms are used. This is some pretty fundamental stuff when it comes to copyrights in the U.S.

Pertinent, if you will.

And note how copyright law expressly includes "the expectation of receipt" of anything of value, and expressly mentions "receipt of other copyrighted works" as such a thing of value. And that's the very definition of "financial gain," as far as U.S. copyright law is concerned.

Now guess what the GPL is all about?

Maybe someone can explain to Darl that the GPL is designed so that people receive the value of other people's copyrighted works in return for having made their own contributions. That is the fundamental idea of the whole license -- everything else is just legal fluff.

Users cling to old Microsoft operating systems

The study, released this week by technology consultant AssetMetrix, found that more than 80 percent of companies still have some machines using Windows 95 or Windows 98. Of those companies still using the older operating systems, an average of 39 percent of desktops were running either Windows 95 or Windows 98.

December 07, 2003
Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable

Now here's the really interesting part. Forgetting for a moment Diebold's voting machines, let's look at the other equipment they make. Diebold makes a lot of ATM machines. They make machines that sell tickets for trains and subways. They make store checkout scanners, including self-service scanners. They make machines that allow access to buildings for people with magnetic cards. They make machines that use magnetic cards for payment in closed systems like university dining rooms. All of these are machines that involve data input that results in a transaction, just like a voting machine. But unlike a voting machine, every one of these other kinds of Diebold machines -- EVERY ONE -- creates a paper trail and can be audited. Would Citibank have it any other way? Would Home Depot? Would the CIA? Of course not. These machines affect the livelihood of their owners. If they can't be audited they can't be trusted. If they can't be trusted they won't be used.

Now back to those voting machines. If EVERY OTHER kind of machine you make includes an auditable paper trail, wouldn't it seem logical to include such a capability in the voting machines, too? Given that what you are doing is adapting existing technology to a new purpose, wouldn't it be logical to carry over to voting machines this capability that is so important in every other kind of transaction device?

This confuses me. I'd love to know who said to leave the feature out and why?

December 03, 2003
How to Misunderstand Open Source Software Development

I began a short career in public accounting when eight large firms dominated the profession. At that time, each firm used a self-developed proprietary method for auditing companies' financial statements. Firms coveted their proprietary methods and we all signed non-disclosure and non-compete agreements to protect those business secrets.

Shortly before joining the profession, some congressmen concluded that the Big Eight didn't do enough to protect against fraud. Congress along with the Securities Exchange Commission ultimately teed off against accountants who fought back arguing that the profession should police itself. To avoid a new law and regulation the profession agreed to form the Financial Accounting Standards Board (FASB). The FASB allowed the accounting profession to police itself while giving the SEC more say in how auditing firms did their work.

Today, I notice something similar occurring in the field of information systems. The proprietary model of software development has started giving way to a standards-based model. Today, Congress faces issues with the nation's technology infrastructure that are similar to the ones that prompted accounting reform. Congress will also face intense lobbying and fanatical opposition to change like that put forth by the Big Eight in the early 1970's.

December 01, 2003
The Perfect Setup - Debian

This is a detailed description of the steps to be taken to set up a Debian-based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3, Quota, Firewall, etc.).