Category Archives: Software

Asus violating GPL again?

Linux

There was a small firestorm last year when people realized that Asus was not releasing source code to GPL’d components of the EeePC. At the time, they eventually did post source code on their website.

Recently I bought an Eee 901. Asus has modified the kernel’s ACPI driver. They released the source code to that on an 8G surf model, but the 901 has additional hardware features in the ACPI space (bluetooth radio power toggle, for instance) that are not in the source they released back then. There are no sources released at all under the 901 section of their website.

Anyone know whom to contact at Asus about this?

Weird Firefox Problem

Software

Once again, I find myself turning to this wonderful series of tubes for help on a weird problem.

I have Firefox (Iceweasel) on all the computers I regularly use. One of these computers has had a persistent problem.

After using it for awhile, it takes a really long time to look up hostnames in DNS. And after upgrading to Firefox 3, it got much worse. Not only did name resolution get slow, but sometimes page loads would get exceptionally slow as well. I could have 5 tabs open, and all of a sudden at the magic moment, nothing would load on any tab. It was as if I was being hit by 75% packet loss. And new pages wouldn’t load, either.

tcpdump showed Firefox not even sending out packets at these times. After a few minutes, it might be back to normal. But I could always quit and restart and it would be fine.

Now, here’s the weird thing: I’ve eliminated every possible difference I can think of between this one machine and the others I use Firefox on. My plugins and extensions are the same set with the same versions. My configuration is the same. When this problem is happening, other network-related programs (even other web browsers) on the same machine are working fine. Nobody else here seems to be having this problem.

Any ideas?

Cuil looks useless

Software

So lots of technology sites are all excited about the launch of cuil.com, yet another in a long line of companies that the hype says could dethrone Google.

I went to cuil.com and searched for Amtrak.

It came up with hits for various routes, a historical society, etc. Everything except the actual homepage of Amtrak, amtrak.com, which has the most useful information about Amtrak.

hit on Google.

If Cuil can’t get that right, why bother?

OSCon Update

Software

On Wednesday, OSCon really goes into high gear (and the wifi croaks) at OSCon. The people that aren’t going to the tutorials all arrive, and aren’t yet sluggish from the late-night vendor parties and BOFs.

The keynotes were OK, and after that, I listened to Keith Packard talk about the future of X. Then it was off to finish the preparation for my own talk on Linux on the corporate desktop. It was the first time I spoke at OSCon, and it seems to have gone well. I keep running into people that were at the talk and thought of some more questions — and of course I chatted with a number of people right after as well. There are a number of other companies that are planning on doing what we’ve done, or even started down the implementation path already. It’s some effort making something of OSCon quality (Damian Conway suggests something like 10 hours preparing for every 1 hour presenting — I didn’t do that), but I’m glad I did.

The Expo Hall opened Wednesday as well. Met some interesting folks there — Open Lina, a company that sells Linux hardware, an Open Source groupware product I hadn’t heard of before (they are apparently working on Debian Packages too), and some others I can’t remember right now…

Tuesday I had dinner at Andina, a Peruvian restaurant, with fellow Haskellers Bryan O’Sullivan and Don Stewart — the first time the three of us Real World Haskell folks met in one place.

Today brought Nat Torkington’s excellent keynote, and also r0ml’s great talk this afternoon (“I started this talk in 2003, and it’s run a bit long.”) Another great time for some networking in the hallways and expo hall. One of the LinuxFest Northwest folks had attended my talk, happened to see me as I was stuffing one of the may free t-shirts that vendors were giving out into my laptop bag (by afternoon, they were getting quite in your face about it), and struck up a conversation.

Went for sushi over lunch with a couple of folks from on IRC, then dinner with Debian folks.

Been a busy week, but met lots of people. I didn’t go to as many talks as I planned because I was so busy talking to people — guess that means the conference was a hit.

First 2 Days of OSCon

Software

I’m really enjoying OSCon this year. I’ve been here two days and just Tuesday afternoon actually went to what I had planned to go to. There’s an XMPP summit here (wasn’t on the schedule), and I dropped in there a few times. Got one of the XMPP developers to look at my system and figure out why Empathy isn’t doing video chat with the N810 right.

Had an OSCon moment yesterday. I was sitting at a table with my laptop, trying to meet up with someone I had only met online before. We were chatting over Jabber. And I realized that person was about 20 feet away. This pattern has repeated itself several times now.

We went to McCormick and Schmick’s for dinner. Great seafood and everybody there seemed to really enjoy Jacob too.

The People for Geeks talk was fun. They talked about how geeks tend to apply the tact filter in input, and everybody else on the output, which causes frustration for everyone. Though somebody in the audience asked why that applies to computer geeks but not theater geeks — an interesting question, and one I wish they had probed a bit more.

I keep running in to interesting people here. One day I was talking to someone about alternatives to cfengine (he suggested parrot). This morning I was talking to someone that works for IBM, who is involved with their project to convert desktop machines to Linux and was interested in how we fared. I’ve met several people that spot my Haskell ribbon and are interested. One of them told me at breakfast that he heard there is this new Haskell book coming out that’s about using Haskell in the real world. Another OSCON momemt when I told him I’m one of the authors of that book. The surprise was fun.

Damian Conway had a great talk Monday night on “how to give a great OSCON talk.” I haven’t found his slides anywhere.

Kernel interrupt weirdness?

Linux

I’ve had a problem with recent kernels. (I think it’s the kernel that’s doing this.) When my workstation is doing heavy I/O, it repeats keystrokes. For instance, while I was typing this paragraph, audacity was writing audio to disk, and I got this word:

heavvvvvvvvvvvy

It seems as if it thinks I haven’t let up on the keys.

I’ve seen this on two different machines and it seems to have started with 2.6.24 or 2.6.25.

Has anyone else seen this? Any ideas where I’d go to fix it? Incidentally, I’m in X when this happens. I don’t use the console much when there would be a chance for it to happen.

This is such a weird problem I’ve struck out googling, and I’m not even sure which mailing list to take it to.

Linux on the Desktop

Desktop Linux

Later this month, I will be giving a talk at OSCon about Linux on the corporate desktop — something we have done where I work. I’ve been alloted a 45-minute timeslot. I will, of course, be posting my slides online and I think OSCon also posts videos of these things.

I’m wondering if readers of my blog would like to leave me some comments on what you’d like to see. What would you like to know about Linux on the corporate desktop? Is there anything that you’d like to make sure I discuss?

Thoughtfulness on the OpenSSL bug

Debian,

By now, I’m sure you all have read about the OpenSSL bug discovered in Debian.

There’s a lot being written about it. There’s a lot of misinformation floating about, too. First thing to do is read this post, which should clear up some of that.

Now then, I’d like to think a little about a few things people have been saying.

People shouldn’t try to fix bugs they don’t understand.

At first, that sounds like a fine guideline. But when I thought about it a bit, I think it’s actually more along the lines of useless.

First of all, there is this problem: how do you know whether or not you understand it? Obviously, sometimes you know you don’t understand code well. But there are times when you think you do, but don’t. Especially when we’re talking about C and its associated manual memory management and manual error handling. I’d say that, for a C program of any given size, very few people really understand it. Especially since you may be dealing with functions that call other functions 5 deep, and one of those functions modifies what you thought was an input-only parameter in certain rare cases. Maybe it’s documented to do that, maybe not, but of course documentation cannot always be trusted either.

I’d say it’s more useful to say that people should get peer review of code whenever possible. Which, by the way, did occur here.

The Debian maintainer of this package {is an idiot, should be fired, should be banned}

I happen to know that the Debian programmer that made this patch is a very sharp individual. I have worked with him on several occasions and I would say that kicking him out of maintaining OpenSSL would be a quite stupid thing to do.

He is, like the rest of us, human. We might find that other people are considerably less perfect than he.

Nobody that isn’t running Debian or Ubuntu has any need to worry. This is all Debian’s fault.

I guess you missed the part of the advisory that mentioned that it also fixed an OpenSSL upstream bug (that *everyone* is vulnerable to) that permitted arbitrary code execution in a certain little-used protocol? OpenSSL has a history of security bugs over the years.

Of course, the big keygen bug is a Debian-specific thing.

Debian should send patches upstream

This is general practice in Debian. It happens so often, in fact, that the Debian bug-tracking system has had — for probably more than a decade — a feature that lets a Debian developer record that a bug reported to Debian has been forwarded to an upstream developer or bug-tracking system.

It is routine to send both bug reports and patches upstream. Some Debian developers are more closely aligned with upstream than others. In some cases, Debian developers are part of the upstream team. In others, upstream may be friendly and responsive enough that Debian developers run any potential patches to upstream code by them before committing them to Debian. (I tend to do this for Bacula). In some cases, upstream is busy and doesn’t respond fast or reliably or helpfully enough to permit Debian to make security updates or other important fixes in a timely manner. And sometimes, upstream is plain AWOL.

Of course, it benefits Debian developers to send patches upstream, because then they have a smaller diff to maintain when each new version comes out.

In this particular case, communication with upstream happened, but the end result just fell through the cracks.

Debian shouldn’t patch security-related stuff itself, ever

Well, that’s not a very realistic viewpoint. Every Linux distribution does this, for several reasons. First, a given stable release of a distribution may be older than the current state of the art upstream software, and some upstreams are not interested in patching old versions, while the new upstream versions introduce changes too significant to go into a security update. Secondly, some upstreams do not respond in a timely manner, and Debian wants to protect its users ASAP. Finally, some upstreams are simply bad at security, and having smart folks from Debian — and other distributions — write security patches is a benefit to the community.

DjVu and the scourge of the PDF

Software,

A little while back, I wrote a blog post called DjVu: Almost Awesome, where I pointed out the strengths of the three DjVu family of formats, but lamented the fact that there was no Free Software to create DjVu files in the most interesting format, DjVu Document.

Well, now there is: pdf2djvu is out and works, and it’s been ITP’d to Debian, too.

As a very quick recap, DjVu is a family of raster image codecs that often creates files much smaller than PDFs, PNGs, TIFFs, etc. It has a ton of advanced features for things like partial downloads from websites. It’s pretty amazing that a raster format can create smaller files than PDFs, even at 300 or 600dpi resolutions in the output. Of course, for some ultra-high-end press work, PDF would still be needed, but DjVu is quite compelling for quite a few uses. Since it is a raster format, it is simpler to decode and is not subject to local system variations, such as installed fonts, like PDF is.

Which brings me to the scourge of PDF. Recently we got a trouble ticket at work from someone saying there was a bug with our Linux environment because Linux users didn’t see the correct results when they opened his PDF file. A quick inspection with some of the xpdf utilities (pdffonts, to be specific) revealed that the correct fonts were not embedded in the file. The user didn’t believe me, and still wanted to blame Linux, saying that it worked fine on his PC with Acrobat. So I tried opening the file on a Windows 2003 terminal server, and it looked worse there than it did with any Free Linux viewer — really quite terribly corrupted. He still wasn’t entirely convinced, until he happened to try printing the file in question, and even Acrobat couldn’t print it right.

PDF was supposed to be a “read anywhere” format that produces exact results. But it hasn’t really lived up to that. Font embedding is one reason; the spec lists a handful of fonts that are allowed to not be embedded, but it is routine for some reason to violate that and fail to embed quite a few more. Then you have to deal with font substitution on the receiving end, which is inexact at best. Then you have all sorts of complex differences between versions, and it becomes quite the mess. (And don’t even get me started on broken PDF editors, such as the ones Adobe sells…) Somehow, quite a few people seem to have this idea built up in their heads that PDF is both an exact format, and an editable format, when really it is neither. (Last week, I was asked to convert a PDF file to a Word document. Argh.)

DjVu keeps looking more and more pleasant to my eyes.

Knuth and Reusable Code

Programming

In the recent interview with InformIT, Donald Knuth said:

I also must confess to a strong bias against the fashion for reusable code. To me, “re-editable code” is much, much better than an untouchable black box or toolkit. I could go on and on about this. If you’re totally convinced that reusable code is wonderful, I probably won’t be able to sway you anyway, but you’ll never convince me that reusable code isn’t mostly a menace.

I have tried in vain to locate any place where he talks about this topic at greater length. Does anyone have a link?