Monthly Archives: May 2008

The Democratic Delegate Dance

Several stories on NPR today have featured interviews with Democratic voters in Florida and Michigan. Many of them were mad about the situation, but mad at their state democratic parties. Many of them did not vote because they were told their vote would not count, so now they are upset at these efforts to count the vote from these states.

Meanwhile, there is a very interesting post about how Hillary may want these delegates to remain unavailable to her, as a way to continue pressing her case all the way to the convention. Sigh.

More Reasons To Like Obama

Ars has an article Previewing McCain and Obama on geek issues that is a thoroughly good read. I find myself agreeing with Obama on everything from net neutrality to privacy rights. I find it interesting that Republicans like to run as advocates of individual liberties but are the ones pushing laws that restrict them the most.

One gripe though: these are issues that are important to everyone. To call them “geek” issues implies that they are only of interest to some, and thus cheapens them. Ars ought to have a better title for their article.

Clinton Voters on Barack Obama

Some TV network did some interviews with West Virginia voters at the time of their primary. The Daily Showpicked up on it (click link for video). Among the comments:

“I guess because he is another race. I’m sort of scared of theother race because we have so much conflict with them.”

“He’s Muslim and that has a lot to do with it.”

“I don’t like the Hussein thing. I’ve had enough of Hussein.”

The segment on this starts at 1:03 into the video, and the comments start at 1:45.

By the way, if you think Obama is Muslim, check out IsBarackObamaAMuslim.com. (Though it won’t comment on the separate question of why it matters).

Sigh.

How to Start Bicycling to Work

Yesterday, I wrote about bicycling to work, pointing out that it’s a safe, inexpensive, way for many people (including office workers without access to showers) to get to work. There were a lot of thoughtful comments there too.

Today I’d like to provide some tips for getting started commuting on a bicycle. As I’m just getting started on this, these are mainly things I’ve learned from poking around online, so I’ll be including lots of links.

The Bicycle

This varies from person to person, but as a general rule: if you have a very short ride — say a mile or less — you can probably just use any old bike and a bicycling helmet. Don’t try to use a motorcycle helmet. It won’t vent your head, so you could overheat. Also, it won’t be comfortable.

Most people will have a longer ride and will want to get a bike that works specifically for them. Each model of bicycle comes in different frame sizes. It’s important to get a bicycle that is the right size for you. Also, you’ll want to get a quality bicycle that will let you be fast and won’t break down along the way.

For all these reasons, I — and every single other person I’ve ever seen talk about this — highly recommend that you buy your bicycle from a bicycle shop. Don’t buy a bicycle from a “big box” store like Walmart or Target. They may be cheaper up front, but you’ll pay for it in the long run because they won’t last as long, won’t fit you as well, and may even be unsafe. Bike shop staff will help you find a bike that fits you, which is important for avoiding aches and pains and even injury. They’ll be able to help you find appropriate accessories for your bike, as well as repair it. Here is a helpful article on this topic, written by a bike shop.

Generally speaking, bike shops can repair bikes bought at any other bike shops. However, they can instantly recognize bikes bought at big box stores. Many will repair those too, but some refuse to work on some of those bikes on the grounds that it is impossible to bring them to the level of service they expect their mechanics to do.

Aches and Pains

With any sport, when you start it, you can expect a little bit of aches and pains at first, as you start using muscles that you may not have really used at first. Bicycling is no exception, but it’s easy to deal with.

Your first stop if you have aches and pains might be the where does it hurt page. It provides detailed, helpful advice. There are also some common things that go wrong for people.

First on the list is wrong size of bike or improper adjustment of your bike. You want a bike frame that is the right size for you, and you want the seat and handlebars adjusted properly for you. A bike shop can help you get this done easily. If your feet can reach the ground while you’re on the seat, you almost certainly have the seat too low, which is a common mistake.

Sometimes the way you position yourself on the bike, or your technique, could be to blame.

Also, clothing can be a problem. A good place to start here is with some cycling shorts. Another common complaint from new cyclists appears to be blisters on the feet. This can be caused by improper positioning on the pedals, or by using the wrong type of sock. Typical socks absorb moisture and trap it next to the skin; bicycling socks will wick it away and let it evaporate. In fact, cycling clothes: socks, shorts, and jerseys (shirts) are all designed to wick moisture away from you and let it evaporate, which keeps you cooler and more comfortable. Bicycling gloves are cheap and can help your hands stay comfortable.

Expense

You can easily save thousands of dollars by riding a bicycle instead of driving a car. Bicycles do need periodic maintenance, just like a car. Usually you can do a lot of that yourself. It probably will pay off to take your bike in to the shop for an annual tuneup. If you have no bicycling equipment at all, and buy your equipment at a bike shop new, you can probably get started for around $500. Even that will probably pay for itself in less than a year if you average riding your bike at least a few times a week.

Safety

Safety on a bicycle can usually be summed up with three rules: be visible, be predictable, and ride with traffic.

Unless there are dedicated bicycle-only lanes or paths, the safest way (in the United States) to ride your bike is on the road, riding with traffic (acting like a car). Don’t ride on a sidewalk, and never ride against traffic. This may sound counter-intuitive, but it is backed up by solid research. It all has to do with being predictable. Nobody is looking for something the speed of a bicycle to emerge from a sidewalk to cross a road or driveway. Sidewalks often aren’t that visible and frequently don’t provide enough room to pass. Sidewalk-riding cyclists get into accidents all the time with cars backing pulling out of driveways, making turns, or even just driving down a road where the cyclist cuts in front of them to cross a street.

A great book for learning how to ride in traffic can be viewed free online: the Bicycling Street Smarts book. There are also some safety videos online that are helpful.

Staying visible is certainly important. In some places, like cities where cyclists are common, drivers are going to be on the lookout for you already. In my case, I’m riding on rural roads that have some hills, where cyclists are rare, so I’m putting extra effort into this.

Staying visible in the day or at night starts with high-visibility clothing. A “screaming yellow” jersey or an ANSI safety reflective vest (less than $10) are good ways to do that. Several people recommend a Cateye TL-LD1100 flashing tail light for use at night, or even for daytime use when visibility is critical (such as my situation). If you will ever ride at night, laws require you to have the proper reflectors on your bike. And, you must also have a white headlight that does not cover up your front reflector (in some locations, you may also be required to have a red tail light that doesn’t cover up your reflector). Companies like Cateye carry those products as well.

Other tips: avoid drainage covers; they sometimes have slats that a bicycle tire could fall into.

Accessories

Here are some suggestions you might consider as a commuter.

Start with pannier bags. They mount over your rear tire and are cooler for you than a backpack because your back can still breathe. They’re more aerodynamic than a front basket. You can get bags suitable for carrying papers, laptops, a change of clothes, etc.

Next on your list might be a bicycle lock, to help keep it from being stolen. Your local bike shop can make suggestions here.

You might want to consider a spare inner tube (about $5) and tire-changing tools (also about $5) to carry with you in your bag. You wouldn’t want to have to walk 5 miles if you get a flat.

Along with that goes an air pump. I suggest a frame pump — it’s a small pump that can clip on to your bicycle’s frame, so you always have it handy. Obviously you will need this if you have to change a tube, but it could be handy even if you don’t.

You can find some more suggestions from bicycling.about.com and from Mike or your local bike shop.

Where to buy

Besides your local bike shop, you can buy a lot of accessories online. I wouldn’t suggest buying a bicycle online, because you really want to get a good fit at a bike shop.

When I asked at bikeforums.net, readers suggested three online stores:

www.pricepoint.com
www.bikenashbar.com
www.performancebike.com

You can also find some bicycling accessories at general-purpose stores like Amazon or sporting goods stores like REI. I personally wouldn’t recommend local “big box” sporting goods stores any more than I would Walmart or Target for this stuff, though.

More info

For more information, check out my bicycling links at del.icio.us.

Bicycling to Work

We hear a lot these days about the price of gas, energy efficiency, and the like. But, in the United States, outside of a few progressive cities, there aren’t a lot of people that are using the ultimate zero-emissions transportation technology: bicycles.

That’s really too bad, because bicycles are a lot cheaper to operate than cars even before you consider gas prices. They also are great exercise and are probably faster, safer, and more convenient than you think.

I live about 10 miles (16 km) from work, which includes several miles on sand roads. I haven’t bicycled in about 6 years. Last week, I got my bicycle out, touched it up a bit, and started riding. Sunday I rode in to work and back as a test. As soon as I get a bit of gear (hopefully by the middle of next week), I plan to start riding bike to work at least 3 days a week.

I’ve picked up some tips along the way. Let’s talk about a few of them.

Safety

Many people think bicycling is dangerous. In fact, bicycling is about as safe as driving an SUV. Not only that, but only 10% of bicycling accidents occur when you are hit from behind (and 90% of those produce only minor injuries). It turns out that the vast majority of bicycling accidents occur because people are not riding on the road with traffic, or are acting unpredictably. Following some basic safety advice can make you safer in a bicycle than an SUV. Oh, and don’t drink and ride; 24% of fatal bicycle accidents involve an intoxicated rider.

Distance

Think it’s too far? Think again. It’s fairly easy for an untrained, unfit person to ride a bicycle up to 10 miles without working hard at it. That can probably be done in about an hour. As you get more fit and used to the bike, you may be able to go that distance in half that time. Also, get pannier bags for your bicycle. They attach in back and let you carry work clothes, laptops, etc. without having to use a backpack.

Smell

Many people with office jobs are concerned about this. Not everywhere has a convenient shower. Check out these tips from the Tips and Tricks for Biking to Work manual.

I’m excited about it, and will be sure to post more here on how it goes.

Thoughtfulness on the OpenSSL bug

By now, I’m sure you all have read about the OpenSSL bug discovered in Debian.

There’s a lot being written about it. There’s a lot of misinformation floating about, too. First thing to do is read this post, which should clear up some of that.

Now then, I’d like to think a little about a few things people have been saying.

People shouldn’t try to fix bugs they don’t understand.

At first, that sounds like a fine guideline. But when I thought about it a bit, I think it’s actually more along the lines of useless.

First of all, there is this problem: how do you know whether or not you understand it? Obviously, sometimes you know you don’t understand code well. But there are times when you think you do, but don’t. Especially when we’re talking about C and its associated manual memory management and manual error handling. I’d say that, for a C program of any given size, very few people really understand it. Especially since you may be dealing with functions that call other functions 5 deep, and one of those functions modifies what you thought was an input-only parameter in certain rare cases. Maybe it’s documented to do that, maybe not, but of course documentation cannot always be trusted either.

I’d say it’s more useful to say that people should get peer review of code whenever possible. Which, by the way, did occur here.

The Debian maintainer of this package {is an idiot, should be fired, should be banned}

I happen to know that the Debian programmer that made this patch is a very sharp individual. I have worked with him on several occasions and I would say that kicking him out of maintaining OpenSSL would be a quite stupid thing to do.

He is, like the rest of us, human. We might find that other people are considerably less perfect than he.

Nobody that isn’t running Debian or Ubuntu has any need to worry. This is all Debian’s fault.

I guess you missed the part of the advisory that mentioned that it also fixed an OpenSSL upstream bug (that *everyone* is vulnerable to) that permitted arbitrary code execution in a certain little-used protocol? OpenSSL has a history of security bugs over the years.

Of course, the big keygen bug is a Debian-specific thing.

Debian should send patches upstream

This is general practice in Debian. It happens so often, in fact, that the Debian bug-tracking system has had — for probably more than a decade — a feature that lets a Debian developer record that a bug reported to Debian has been forwarded to an upstream developer or bug-tracking system.

It is routine to send both bug reports and patches upstream. Some Debian developers are more closely aligned with upstream than others. In some cases, Debian developers are part of the upstream team. In others, upstream may be friendly and responsive enough that Debian developers run any potential patches to upstream code by them before committing them to Debian. (I tend to do this for Bacula). In some cases, upstream is busy and doesn’t respond fast or reliably or helpfully enough to permit Debian to make security updates or other important fixes in a timely manner. And sometimes, upstream is plain AWOL.

Of course, it benefits Debian developers to send patches upstream, because then they have a smaller diff to maintain when each new version comes out.

In this particular case, communication with upstream happened, but the end result just fell through the cracks.

Debian shouldn’t patch security-related stuff itself, ever

Well, that’s not a very realistic viewpoint. Every Linux distribution does this, for several reasons. First, a given stable release of a distribution may be older than the current state of the art upstream software, and some upstreams are not interested in patching old versions, while the new upstream versions introduce changes too significant to go into a security update. Secondly, some upstreams do not respond in a timely manner, and Debian wants to protect its users ASAP. Finally, some upstreams are simply bad at security, and having smart folks from Debian — and other distributions — write security patches is a benefit to the community.

Imagine 1

Imagine, for a moment, that you are a young man in your 20s, trying to make your way in the world. You are married and have a young daughter, just old enough to start to talk. You live in a run-down neighborhood, long passed-over by any economic advances. What schools you had access to barely taught anyone much. The few jobs you can reach have fierce competition, even though the pay is low. You worry about your health, but even more about that of your wife and child. Finding food is a constant concern. Although you are still healthy now, and you are willing and able to be a hard worker, there is simply nobody hiring people in your area. Not to mention the gunfights that erupt between gangs or drug dealers. Oh, and did I mention that your wife is 4 months pregnant?

Your top priority is to do your best to keep your family safe. You’re afraid that your whole family will starve, or be killed by an errant bullet. You’ve tried for a long time — it seems like forever — to do everything you can think of, with no success. Finally, you decide that the only way you can have the hope for a better life is to move somewhere where the economy is better, and the drug dealers are fewer.

But moving hundreds or thousands of miles away is no easy task when you have no money to move. Somehow, with some luck, ingenuity, and tenacity, you have finally managed to find a way. You have no job offer in your new town, but conditions are so bleak at home that you just can’t risk staying there. So the three of you move 1500 miles away.

You arrive with no money, no apartment, and don’t know anybody. But you’re a hard worker, and have talked yourself into a job. It pays what passes for minimum wage in your new home, but it’s a fortune compared to what you made before. It’s backbreaking work, and you work long hours. But soon you can afford a cramped apartment, and keep your refrigerator stocked with food. What a luxury!

Pretty soon your new baby son is born. You can afford to feed him, your daughter, your wife, and yourself, every day. When you’re really lucky, you even have some money left over to send to your brother back home, who is still struggling to make ends meet there. You seem to have climbed the first rung on the American Dream ladder.

Years pass. Your old home becomes a memory; your daily life revolves around new struggles now. Your oldest child is in school, your wife finds part-time work sometimes too, cleaning houses for rich people. You’ve been laid off several times, your income isn’t guaranteed, and the others in your new home don’t take kindly to strangers — and they still think you’re one. But it’s better than flying bullets and never knowing where your next meal will come from.

Then one day, while you are at work, federal agents show up. You are arrested and taken to jail. Agents show up at home, too, arresting your wife. It turns out that they realized you entered the country illegally from Ecuador those years ago. Meanwhile, your wife wonders what will happen to your son that was playing in a neighbor’s yard while she was arrested, or to your daugther that was at school.

After months in jail, with little contact with each other, and poor medical care, the government decides to deport you to Mexico. Why Mexico? Well, it’s cheaper, and there’s no documentation showing where you came from. Apparently you “look” Mexican, and they don’t believe your story.

After months in jail with no income, you are once again bankrupt. A government bus takes you to Mexico and drops you down someplace there, with your wife and your oldest child. Your younger child was born in the United States, and so is an American citizen and can’t be deported. But the government isn’t going to give him a free ride on a prison bus (and Mexico wouldn’t take him anyway, since everyone knows he’s American). You have no idea where he is. You have no idea how you’re going to find food in Mexico, no idea how to find your son, no idea where to find refuge from the ever more prevalent drug dealers. Meanwhile, the Americans think you’re scum because you wanted to protect your family, and it’s going to be much more difficult to get back in to try to reunite your family.

This story is based on true events.

It’s truly easy to demonize illegal immigrants, isn’t it? Easy to round them up by the thousands, easy to build a bigger fence, easy to lock them away.

Sometimes it seems like this nation built on freedom, supposedly on Christian values, has lost sight of compassion for the lowly. In this country, we would throw in jail parents that didn’t do everything humanly possible to find food for their children. We also throw in jail parents that grew up in other countries that are just doing the same.

How sad that we have people going on TV, suggesting we round up millions of Americans that happened to come here illegally, breaking up millions of families, creating an immense foster child problem, a human tragedy on a mass scale. How incredible that some of these people on TV wear the title “senator” or “candidate for president”. How stupid do they think we are, suggesting that a poor South American family would somehow be able to navigate the arcane American immigration system and wait the 15 years to get here legally, if they manage to come up with all the necessary money somehow?

Politicians have been pushing our buttons for too long. We aren’t a nation of selfish hoarders; we came together through tough times, survived the Depression, put in place the Berlin Airlift that saved countless lives in West Berlin. But the thought of someone with darkish skin coming to this country and building highways is enough to send some people looking for a rifle.

I hope that we will someday do better.

Towards Better Bookmark Syncing: del.icio.us and diigo

I use Firefox (well, Iceweasel) from several machines. On a daily basis, at least three: my workstation at home, my workstation at work, and my laptop. I have wanted to have my bookmarks synced between all three of them for some time. I’ve been using unison to sync them, which mostly works. But firefox likes to store a last-visited timestamp in bookmarks.html, so if I have a browser open at more than one place, I get frequent unison conflicts.

I started searching for better alternatives again, and noticed that the new alternative del.icio.us plugin for Firefox supports a del.icio.us version of the traditional Firefox Bookmarks Toolbar. I use that toolbar a lot, and anything I use in place of standard Firefox bookmarks absolutely must support something like it.

I imported my Firefox bookmarks (about 900 or so) into del.icio.us. They arrived OK, but flattened, as del.icio.us doesn’t have a hierarchical structure like Firefox does. After a good deal of experimentation, I have mostly gotten it working how I want. I’m using the bundles mode of the extension toolbar in Firefox, and simulating subfolders by using certain tags. It works fine; not quite what I’d want out of it ideally, but everything else is so much better that I’m happy with it.

The social bookmarking aspects of del.icio.us sound interesting, too, but I haven’t started trying to look at that stuff very much yet. Delicious also has a new “Firefox 3” extension that also is documented to work fine in Firefox 2. It has a few new features but nothing I care all that much about.

My main gripe at this point is that the Firefox extension doesn’t allow me to set things as private by default. It also doesn’t propogate my changes to the site immediately, which led to a considerable amount of confusion initially. On the plus side, it does do a synchronization and store a local cache, so I can still use it offline to load up file:/// links.

Some things about del.icio.us bug me. There are very limited features for editing things in bulk (though Greasemonkey scripts help here). It has a published API, but seems quite limited (I couldn’t find out how, in their documentation, to add a tag to an existing bookmark, for instance.)

del.icio.us lets you export all your bookmarks, so you have freedom to leave. Also, if you poke around on freshmeat.net, you can find Free Software alternatives that actually emulate del.icio.us APIs and sites.

I also looked at alternatives, and it seems that the most plausible one is Diigo. But I’m going to refuse to use it right now for two reasons: 1) its Firefox plugin has nothing like the Firefox bookmarks toolbar, and 2) its hideous Terms of Service. If you go to their ToS and scroll down to “Content/Activity Prohibited”, you’ll see these gems:

6. provides any telephone numbers, street addresses, last names, URLs or email addresses;

7. promotes information that you know is false or misleading or promotes illegal activities or conduct that is abusive, threatening, obscene, defamatory or libelous;

11. furthers or promotes any criminal activity or enterprise or provides instructional information about illegal activities including, but not limited to making or buying illegal weapons, violating someone’s privacy, or providing or creating computer viruses;

So, in other words, they can delete me account if I bookmark the Amazon.com contact page, or if I bookmark the opinions of someone I disagree with. Good thing the Vietnam War protesters in the 70s didn’t use Diigo, because they’d be kicked off if they wrote about their sit-ins at Berkeley. Also, I didn’t even quote the other section that says they get to remove anything you post that they think is offensive, in their sole judgment. Goodbye, links to EFF’s articles about RIAA.

Since we can’t use last names, I guess it’s just “Hillary” and “John” instead of “Clinton” and “McCain”. Oh, and don’t get me started about the folly of operating a social bookmarking site where you aren’t allowed to post URLs. That’s right up there with Apple releasing a Windows version of Safari that you aren’t allowed to install on PCs.

Compare that to the del.icio.us terms and privacy policy and the contrast is stark indeed.

DjVu and the scourge of the PDF

A little while back, I wrote a blog post called DjVu: Almost Awesome, where I pointed out the strengths of the three DjVu family of formats, but lamented the fact that there was no Free Software to create DjVu files in the most interesting format, DjVu Document.

Well, now there is: pdf2djvu is out and works, and it’s been ITP’d to Debian, too.

As a very quick recap, DjVu is a family of raster image codecs that often creates files much smaller than PDFs, PNGs, TIFFs, etc. It has a ton of advanced features for things like partial downloads from websites. It’s pretty amazing that a raster format can create smaller files than PDFs, even at 300 or 600dpi resolutions in the output. Of course, for some ultra-high-end press work, PDF would still be needed, but DjVu is quite compelling for quite a few uses. Since it is a raster format, it is simpler to decode and is not subject to local system variations, such as installed fonts, like PDF is.

Which brings me to the scourge of PDF. Recently we got a trouble ticket at work from someone saying there was a bug with our Linux environment because Linux users didn’t see the correct results when they opened his PDF file. A quick inspection with some of the xpdf utilities (pdffonts, to be specific) revealed that the correct fonts were not embedded in the file. The user didn’t believe me, and still wanted to blame Linux, saying that it worked fine on his PC with Acrobat. So I tried opening the file on a Windows 2003 terminal server, and it looked worse there than it did with any Free Linux viewer — really quite terribly corrupted. He still wasn’t entirely convinced, until he happened to try printing the file in question, and even Acrobat couldn’t print it right.

PDF was supposed to be a “read anywhere” format that produces exact results. But it hasn’t really lived up to that. Font embedding is one reason; the spec lists a handful of fonts that are allowed to not be embedded, but it is routine for some reason to violate that and fail to embed quite a few more. Then you have to deal with font substitution on the receiving end, which is inexact at best. Then you have all sorts of complex differences between versions, and it becomes quite the mess. (And don’t even get me started on broken PDF editors, such as the ones Adobe sells…) Somehow, quite a few people seem to have this idea built up in their heads that PDF is both an exact format, and an editable format, when really it is neither. (Last week, I was asked to convert a PDF file to a Word document. Argh.)

DjVu keeps looking more and more pleasant to my eyes.