Category Archives: Technology

Asus violating GPL again?

Linux

There was a small firestorm last year when people realized that Asus was not releasing source code to GPL’d components of the EeePC. At the time, they eventually did post source code on their website.

Recently I bought an Eee 901. Asus has modified the kernel’s ACPI driver. They released the source code to that on an 8G surf model, but the 901 has additional hardware features in the ACPI space (bluetooth radio power toggle, for instance) that are not in the source they released back then. There are no sources released at all under the 901 section of their website.

Anyone know whom to contact at Asus about this?

Weird Firefox Problem

Software

Once again, I find myself turning to this wonderful series of tubes for help on a weird problem.

I have Firefox (Iceweasel) on all the computers I regularly use. One of these computers has had a persistent problem.

After using it for awhile, it takes a really long time to look up hostnames in DNS. And after upgrading to Firefox 3, it got much worse. Not only did name resolution get slow, but sometimes page loads would get exceptionally slow as well. I could have 5 tabs open, and all of a sudden at the magic moment, nothing would load on any tab. It was as if I was being hit by 75% packet loss. And new pages wouldn’t load, either.

tcpdump showed Firefox not even sending out packets at these times. After a few minutes, it might be back to normal. But I could always quit and restart and it would be fine.

Now, here’s the weird thing: I’ve eliminated every possible difference I can think of between this one machine and the others I use Firefox on. My plugins and extensions are the same set with the same versions. My configuration is the same. When this problem is happening, other network-related programs (even other web browsers) on the same machine are working fine. Nobody else here seems to be having this problem.

Any ideas?

Cuil looks useless

Software

So lots of technology sites are all excited about the launch of cuil.com, yet another in a long line of companies that the hype says could dethrone Google.

I went to cuil.com and searched for Amtrak.

It came up with hits for various routes, a historical society, etc. Everything except the actual homepage of Amtrak, amtrak.com, which has the most useful information about Amtrak.

hit on Google.

If Cuil can’t get that right, why bother?

OSCon Update

Software

On Wednesday, OSCon really goes into high gear (and the wifi croaks) at OSCon. The people that aren’t going to the tutorials all arrive, and aren’t yet sluggish from the late-night vendor parties and BOFs.

The keynotes were OK, and after that, I listened to Keith Packard talk about the future of X. Then it was off to finish the preparation for my own talk on Linux on the corporate desktop. It was the first time I spoke at OSCon, and it seems to have gone well. I keep running into people that were at the talk and thought of some more questions — and of course I chatted with a number of people right after as well. There are a number of other companies that are planning on doing what we’ve done, or even started down the implementation path already. It’s some effort making something of OSCon quality (Damian Conway suggests something like 10 hours preparing for every 1 hour presenting — I didn’t do that), but I’m glad I did.

The Expo Hall opened Wednesday as well. Met some interesting folks there — Open Lina, a company that sells Linux hardware, an Open Source groupware product I hadn’t heard of before (they are apparently working on Debian Packages too), and some others I can’t remember right now…

Tuesday I had dinner at Andina, a Peruvian restaurant, with fellow Haskellers Bryan O’Sullivan and Don Stewart — the first time the three of us Real World Haskell folks met in one place.

Today brought Nat Torkington’s excellent keynote, and also r0ml’s great talk this afternoon (“I started this talk in 2003, and it’s run a bit long.”) Another great time for some networking in the hallways and expo hall. One of the LinuxFest Northwest folks had attended my talk, happened to see me as I was stuffing one of the may free t-shirts that vendors were giving out into my laptop bag (by afternoon, they were getting quite in your face about it), and struck up a conversation.

Went for sushi over lunch with a couple of folks from on IRC, then dinner with Debian folks.

Been a busy week, but met lots of people. I didn’t go to as many talks as I planned because I was so busy talking to people — guess that means the conference was a hit.

First 2 Days of OSCon

Software

I’m really enjoying OSCon this year. I’ve been here two days and just Tuesday afternoon actually went to what I had planned to go to. There’s an XMPP summit here (wasn’t on the schedule), and I dropped in there a few times. Got one of the XMPP developers to look at my system and figure out why Empathy isn’t doing video chat with the N810 right.

Had an OSCon moment yesterday. I was sitting at a table with my laptop, trying to meet up with someone I had only met online before. We were chatting over Jabber. And I realized that person was about 20 feet away. This pattern has repeated itself several times now.

We went to McCormick and Schmick’s for dinner. Great seafood and everybody there seemed to really enjoy Jacob too.

The People for Geeks talk was fun. They talked about how geeks tend to apply the tact filter in input, and everybody else on the output, which causes frustration for everyone. Though somebody in the audience asked why that applies to computer geeks but not theater geeks — an interesting question, and one I wish they had probed a bit more.

I keep running in to interesting people here. One day I was talking to someone about alternatives to cfengine (he suggested parrot). This morning I was talking to someone that works for IBM, who is involved with their project to convert desktop machines to Linux and was interested in how we fared. I’ve met several people that spot my Haskell ribbon and are interested. One of them told me at breakfast that he heard there is this new Haskell book coming out that’s about using Haskell in the real world. Another OSCON momemt when I told him I’m one of the authors of that book. The surprise was fun.

Damian Conway had a great talk Monday night on “how to give a great OSCON talk.” I haven’t found his slides anywhere.

Kernel interrupt weirdness?

Linux

I’ve had a problem with recent kernels. (I think it’s the kernel that’s doing this.) When my workstation is doing heavy I/O, it repeats keystrokes. For instance, while I was typing this paragraph, audacity was writing audio to disk, and I got this word:

heavvvvvvvvvvvy

It seems as if it thinks I haven’t let up on the keys.

I’ve seen this on two different machines and it seems to have started with 2.6.24 or 2.6.25.

Has anyone else seen this? Any ideas where I’d go to fix it? Incidentally, I’m in X when this happens. I don’t use the console much when there would be a chance for it to happen.

This is such a weird problem I’ve struck out googling, and I’m not even sure which mailing list to take it to.

My DNS happiness is complete

Technology

I have been using Gandi as my preferred register for some years now. They have probably the most customer-friendly AUP out there, are reliable, and good decent folks. I have liked everything about them.

Except the fact that they don’t have whois privacy. But now they do! Woohoo! They did have whois spam protection all along, but your address and phone number was visible to everyone.

Whois privacy services are something that you have to keep a close eye on. What you want is for your name to still show up in the public whois database, but just nothing else. Some whois privacy services put *their* name there, which means technically they own the domain. I wouldn’t trust that. Gandi is better about it. Your name, their address and phone number.

Of course, you still have to give Gandi your real contact info, and there are some situations in which it will be revealed. But all in all, I am very happy to see them doing this.

I had looked at other registrars that provided whois privacy, and never liked them for various reasons. Many happened to also have quite restrictive terms of service (hello Dynadot), maybe were good people but had restrictive ToS and crappy interface (register4less), etc.

Now I get to stick with Gandi and get the features I want. I’m very happy with that.

Linux on the Desktop

Desktop Linux

Later this month, I will be giving a talk at OSCon about Linux on the corporate desktop — something we have done where I work. I’ve been alloted a 45-minute timeslot. I will, of course, be posting my slides online and I think OSCon also posts videos of these things.

I’m wondering if readers of my blog would like to leave me some comments on what you’d like to see. What would you like to know about Linux on the corporate desktop? Is there anything that you’d like to make sure I discuss?

Thoughtfulness on the OpenSSL bug

Debian,

By now, I’m sure you all have read about the OpenSSL bug discovered in Debian.

There’s a lot being written about it. There’s a lot of misinformation floating about, too. First thing to do is read this post, which should clear up some of that.

Now then, I’d like to think a little about a few things people have been saying.

People shouldn’t try to fix bugs they don’t understand.

At first, that sounds like a fine guideline. But when I thought about it a bit, I think it’s actually more along the lines of useless.

First of all, there is this problem: how do you know whether or not you understand it? Obviously, sometimes you know you don’t understand code well. But there are times when you think you do, but don’t. Especially when we’re talking about C and its associated manual memory management and manual error handling. I’d say that, for a C program of any given size, very few people really understand it. Especially since you may be dealing with functions that call other functions 5 deep, and one of those functions modifies what you thought was an input-only parameter in certain rare cases. Maybe it’s documented to do that, maybe not, but of course documentation cannot always be trusted either.

I’d say it’s more useful to say that people should get peer review of code whenever possible. Which, by the way, did occur here.

The Debian maintainer of this package {is an idiot, should be fired, should be banned}

I happen to know that the Debian programmer that made this patch is a very sharp individual. I have worked with him on several occasions and I would say that kicking him out of maintaining OpenSSL would be a quite stupid thing to do.

He is, like the rest of us, human. We might find that other people are considerably less perfect than he.

Nobody that isn’t running Debian or Ubuntu has any need to worry. This is all Debian’s fault.

I guess you missed the part of the advisory that mentioned that it also fixed an OpenSSL upstream bug (that *everyone* is vulnerable to) that permitted arbitrary code execution in a certain little-used protocol? OpenSSL has a history of security bugs over the years.

Of course, the big keygen bug is a Debian-specific thing.

Debian should send patches upstream

This is general practice in Debian. It happens so often, in fact, that the Debian bug-tracking system has had — for probably more than a decade — a feature that lets a Debian developer record that a bug reported to Debian has been forwarded to an upstream developer or bug-tracking system.

It is routine to send both bug reports and patches upstream. Some Debian developers are more closely aligned with upstream than others. In some cases, Debian developers are part of the upstream team. In others, upstream may be friendly and responsive enough that Debian developers run any potential patches to upstream code by them before committing them to Debian. (I tend to do this for Bacula). In some cases, upstream is busy and doesn’t respond fast or reliably or helpfully enough to permit Debian to make security updates or other important fixes in a timely manner. And sometimes, upstream is plain AWOL.

Of course, it benefits Debian developers to send patches upstream, because then they have a smaller diff to maintain when each new version comes out.

In this particular case, communication with upstream happened, but the end result just fell through the cracks.

Debian shouldn’t patch security-related stuff itself, ever

Well, that’s not a very realistic viewpoint. Every Linux distribution does this, for several reasons. First, a given stable release of a distribution may be older than the current state of the art upstream software, and some upstreams are not interested in patching old versions, while the new upstream versions introduce changes too significant to go into a security update. Secondly, some upstreams do not respond in a timely manner, and Debian wants to protect its users ASAP. Finally, some upstreams are simply bad at security, and having smart folks from Debian — and other distributions — write security patches is a benefit to the community.