Older blog entries for etbe (starting at number 227)

BoingBoing and Licenses

Today I was thrilled to see that Cory Doctorow (who among other things wrote one of my favourite Sci-fi novels [1]) copied one of my blog posts on to BoingBoing.net [2].

Then I reviewed the licence conditions (which had previously been contained in the About Page and is now a post on my documents blog [3]) and discovered that I had not permitted such use!

In the second part of this post (not included in the RSS feed) I have the old and new license conditions for my blog content. My plan is that my document blog [4] will have the current version of such documents while this blog will have every iteration along the way.

The new version of my license explicitly permits BoingBoing to do what they want with my content. I don’t have any objection to what Cory did, and I would have been rather unhappy if he had sent me an email saying “I wanted to feature your post on BoingBoing but sorry you miss out because of your license”. But his procedure does not work well.

Now I am wondering, how do I construct a license agreement that permits my content to be used by big popular sites that give my blog new readers and my ideas a wider audience while denying the content to sploggers who just want to use my patterns of words for google hits? How do I permit my content to be used by people who contribute as much to the community as Cory but deny it to talentless people who want to exploit my work while contributing nothing to the world? How can I ensure that people who want to reference my work can learn about the licence conditions (the About Page apparently doesn’t work)? These are serious questions and I invite suggestions as to how to solve them.

The fact that I have forgiven Cory for not abiding by my license and granted him permission to do the same thing again whenever he wishes is not the ideal solution. For authors to find people who copy their work and respond with forgiveness or DMCA take-down notices according to who does the copying and the reason for it is a losing game and a distraction from the work of creating the useful content.

I understand the BoingBoing situation, they deliver summaries and copies of blog posts rapidly and frequently. Discovering conditions of use and asking for clarification from the authors (which may take days or weeks) would really affect the process. Also anyone who reads my blog would probably realise that I want to have such posts copied on sites such as BoingBoing.


Share This

Syndicated 2007-11-21 13:14:30 from etbe

RAID and Bus Bandwidth

As correctly pointed out by cmot [1] my previous post about software RAID [2] made no mention of bus bandwidth.

I have measured the bus bottlenecks of a couple of desktop machines running IDE disks with my ZCAV [3] benchmark (part of the Bonnie++ suite). The results show that two typical desktop machines had significant bottlenecks when running two disks for contiguous read operations [4]. Here is one of the graphs which shows that when two disks were active (on different IDE cables) the aggregate throughput was just under 80MB/s on a P4 1.5GHz while the disks were capable of delivering up to 120MB/s:

On a system such as the above P4 using software RAID will give a performance hit when compared to a hardware RAID device which is capable of driving both disks at full speed. I did not benchmark the relative speeds of read and write operations (writing is often slightly slower), but if for the sake of discussion we assume that read and write give the same performance then software RAID would only give 2/3 the performance of a theoretical perfect hardware RAID-1 implementation for large contiguous writes.

On a RAID-5 array the bandwidth for large contiguous writes is the data size multiplied by N/(N-1) (where N is the number of disks), and on a RAID-6 array it is N/(N-2). For the case of a four disk RAID-6 array that would give the same overhead as writing to a RAID-1 and for the case of a minimal RAID-5 array it would be 50% more writes. So from the perspective of “I need X bandwidth, can my hardware deliver it” if I needed 40MB/s of bandwidth for contiguous writes then a 3 disk RAID-5 might work but a RAID-1 definitely would hit a bottleneck.

Given that large contiguous writes to a RAID-1 is a corner case and that minimal sized RAID-5 and RAID-6 arrays are rare in most cases there should not be a significant overhead. As the number of seeks increases the actual amount of data transferred gets quite small. A few years ago I was running some mail servers which had a very intense IO load, four U320 SCSI disks in a hardware RAID-5 array was a system bottleneck - yet the IO was only 600KB/s of reads and 3MB/s of writes. In that case seeks were the bottleneck and write-back caching (which is another problem area for Linux software RAID) was necessary for good performance.

For the example of my P4 system, it is quite obvious that with a four disk software RAID array consisting of disks that are reasonably new (anything slightly newer than the machine) there would be some bottlenecks.

Another problem with Linux software RAID is that traditionally it has had to check the consistency of the entire RAID array in the case of an unexpected power failure. Such checks are the best way to get all disks in a RAID array fully utilised (Linux software RAID does not support reading from all disks in a mirror and checking that they are consistent for regular reads), so of course the issue of a bus bottleneck becomes an issue.

Of course the solution to these problems is to use a server for server tasks and then you will not run out of bus bandwidth so easily. In the days before PCI-X and PCIe there were people running Linux software RAID-0 across multiple 3ware hardware controllers to get better bandwidth. A good server will have multiple PCI buses so getting an aggregate throughput greater than PCI bus bandwidth is possible. Reports of 400MB/s transfer rates using two 64bit PCI buses (each limited to ~266MB/s) were not uncommon. Of course then you run into the same problem, but instead of being limited to the performance of IDE controllers on the motherboard in a desktop system (as in my test machine) you would be limited to the number of PCI buses and the speed of each bus.

If you were to install enough disks to even come close to the performance limits of PCIe then I expect that you would find that the CPU utilisation for the XOR operations is something that you want to off-load. But then on such a system you would probably want the other benefits of hardware RAID (dynamic growth, having one RAID that has a number of LUNs exported to different machines, redundant RAID controllers in the same RAID box, etc).

I think that probably 12 disks is about the practical limit of Linux software RAID due to these issues and the RAID check speed. But it should be noted that the vast majority of RAID installations have significantly less than 12 disks.

One thing that cmot mentioned was a RAID controller that runs on the system bus and takes data from other devices on that bus. Does anyone know of such a device?

Share This

Syndicated 2007-11-20 20:00:59 from etbe

Perfect Code vs Quite Good Code

Some years ago I worked on a project where software reliability should have been a priority (managing data that was sometimes needed by the police, the fire brigade, and the ambulance service). Unfortunately the project had been tainted by a large consulting company that was a subsidiary of an accounting firm (I would never have expected accountants to know anything about programming and several large accounting firms have confirmed my expectations).

I was hired to help port the code from OS/2 1.2 to NT 4.0. The accounting firm had established a standard practice of never calling free() because “you might call free() on memory that was still being used”. This was a terribly bad idea at the best of times and on a 16 bit OS with memory being allocated in 64K chunks the problems were quite obvious to everyone who had any programming experience. The most amusing example of this was a function that allocated some memory and returned a pointer which was being called as if it returned a boolean, one function had a few dozen lines of code similar to if(allocate_some_memory()). I created a second function which called the first, free’d any memory which had been allocated and then returned a boolean.

Another serious problem with that project was the use of copy and paste coding. A section of code would perform a certain task and someone would need it elsewhere. Instead of making it a function and calling it from multiple places the code would be copied. Then one copy would be debugged or have new features added and the other copy wouldn’t. One classic example of this was a section of code that displayed an array of data points where each row would be in a colour that indicated it’s status. However setting a row to red would change the colour of all it’s columns, setting a row to blue would change all except the last, and changing it to green would change all but the second-last. The code in question had been copied and pasted to different sections with the colours hard-coded. Naturally I wrote a function to change the colour of a row and made it take the colour as a parameter, the program worked correctly and was smaller too. The next programmer who worked on that section of code would only need to make one change - instead of changing code in multiple places and maybe missing one.

Another example of the copy/paste coding was comparing time-stamps. Naturally using libc or OS routines for managing time stamps didn’t occur to them so they had a structure with fields for the year, month, day, hours, minutes, and seconds that was different from every other such structure that is in common use and had to write their own code to compare them, for further excitement some comparisons were only on date and some were on date and time. Many of these date comparisons were buggy and often there were two date comparisons in the same function which had different bugs. I created functions for comparing dates and the code suddenly became a lot easier to read, less buggy, and smaller.

I have just read an interesting post by Theodore Ts’o on whether perfect code exists [1]. While I understand both Theodore’s and Bryan’s points of view in this discussion I think that a more relevant issue for most programmers is how to create islands of reasonably good code in the swamp that is a typical software development project.

While it was impossible for any one person to turn around a badly broken software development project such as the one I describe, it is often possible to make some foundation code work well which gives other programmers a place to start when improving the code quality. Having the worst of the memory leaks fixed meant that memory use could be analysed to find other bugs and having good functions for comparing dates made the code more readable and thus programmers could understand what they were looking at. I don’t claim that my code was perfect, even given the limitations of the data structures that I was using there was certainly scope for improvement. But my code was solid, clean, commented, and accepted by all members of the team (so they would continue writing code in the same way). It might even have resulted in saving someone’s life as any system which provides data to the emergency services can potentially kill people if it malfunctions.

Projects based on free software tend not to be as badly run, but there are still some nasty over-grown systems based on free software where no-one seems able to debug them. I believe that the plan of starting with some library code and making it reasonably good (great code may be impossible for many reasons) and then trying to expand the sections of good code is a reasonable approach to many broken systems.

Of course the ideal situation would be to re-write such broken systems from scratch, but as that is often impossible rewriting a section at a time often gives reasonable results.

Share This

Syndicated 2007-11-20 08:00:31 from etbe

Conditions of Sending Email

I have previously written about using a SMTP protocol level disclaimer to trump any legalistic sigs [1].

The conditions of sending mail to my server are now as follows:

  1. A signature will in no way restrict my use of your message. You sent the message to me because you want me to read it (it was not mis-sent, my mail server does not accept mis-addressed mail). I will keep the message as long as I like either deliberately or because I forgot to delete it.

  2. I reserve the right to publish any email that is threatening (including any threats of legal action). I don’t like being threatened and part of my defence is to publish such threats at an appropriate time. Anyone who is considering the possibility of threatening me should consider when their threat may re-appear.

  3. I reserve the right to publish any email that is abusive/profane, is a confession of criminal or unethical behaviour, or is evidence that the sender is a liar or insane.

  4. I reserve the right to forward all amusing email to my friends for their enjoyment.

My mail server will now provide the URL of this page to everyone who connects at the first stage of the SMTP protocol. When a mail server continues the connection that indicates acceptance of these conditions.

This doesn’t mean that I wildly forward email and business discussions are kept confidential of course. I expect that most people don’t keep mail secret when it matches the conditions in my list above, unlike most people I’m publishing the list of reasons.

Share This

Syndicated 2007-11-19 20:00:04 from etbe

19 Nov 2007 (updated 19 Nov 2007 at 10:07 UTC) »

WTF - Let’s write all the code twice

There is an interesting web site WorseThanFailure.com (with the slogan “Curious Perversions in Information Technology) that documents amusingly failed projects. The name used to be TheDailyWTF.com but changed due to the idea that for some projects success (interpreted to mean limping along in production) is worse than failure (being scrapped and re-written). I’ve created a new category WTF [1] on my blog to document such projects, both ones that I have personally witnessed and ones that friends and colleagues have seen.

In the 90’s I spent some time working on an OS/2 GUI program to be the front-end for a mainframe backed system used by call-center workers.

The first thing that they did was to develop a file naming scheme, they decided that all source files should be in the same directory (not unreasonable), but that 8.3 should be the limit of file name lengths in case there was a need to port the system to Windows 95. The fact that porting a program which did little other than display a GUI and talk to a S/390 server to a different OS was difficult (given the large amount of platform specific GUI code) was lost on them. Then they decided that the first two letters would be “FE” in case the source was merged with another bank project (of course the bank had many “Front End” systems talking to mainframes - so even this didn’t guarantee that they would be free of name clashes). Characters 3 and 4 were to represent the section of the program, and as the 3 character extension was one of “.h” or “.cpp” that left exactly 4 characters to name the file - we may as well have numbered the source files. Eventually one of the guys started making jokes about the file names by trying to pronounce them as words and that convinced a majority of the developers that the files should have long human-readable names. As the NMAKE expert (they insisted on not using unsupported software such as GNU make) it was my job to fix all the file names.

The bank had an internal users’ group for the C++ development environment, but the contractors were not invited to attend. You might think that it would make sense to have the most skillful C++ programmers attend the meetings and share their knowledge, but apparently attending such meetings was a perk of being a permanent employee.

What do you do when you have a C++ development project running behind schedule and a permanent employee who has had no prior exposure to C++ and wants to learn? One manager believed that assigning the junior programmer to the project is a solution to both problems - it was good for teaching the programmer C++ in a hurry but not so good for the deadline.

There was a lot of excitement related to the back-end development. The mainframe guys assured me that CICS could never handle bad data and it totally wasn’t their fault if my program sent bad data to them and the region crashed. The first CICS region crash occurred when the mainframe guys told me to make the unused space in text fields “empty” - to a C programmer this means filling them with the 0 character but it killed the CICS region (apparently “empty” means filled with spaces to CICS programmers). A later region crash came when they told me to change the field length for the account name everywhere that it occurred - they told me that they wanted the change immediately - so I changed a macro definition, ran “make”, and sent a transaction with the changed size. Apparently “immediately” really meant “after we have spent an hour of software development changing magic numbers throughout our system”. I’m assuming that COBOL has some facility that roughly compares to C macros for defining field lengths and that it was the programmers not the language that was at fault.

When the project became seriously behind schedule they hired some expert programmers from another country to help with the development. The experts decided that we needed to redesign the system (not that it had been designed in the first place) to use a “model view controller” architecture. When the real business logic is all on a S/390 and the only logic in the front end is to combine the contents of some screen-scrapes from a virtual 3270 terminal into a single GUI dialogue (with the first screen occasionally getting data from the IVR system) the benefits of MVC seem rather small. The new MVC version of the system was dubbed “phase 2″ and there were a series of deadlines for changing over from “phase 1″ which were missed. So the original team of developers continued on their project without any help from the “experts”. The last report I heard (some time after leaving the project) was that Phase 1 had gone live in production while Phase 2 was still being developed (at that time Phase 2 had a year of development and Phase 1 had about 15 months).

The lesson to be learned from this is that management should only hire people that they can control. If you hire a consulting company and then let them do whatever they want (as opposed to solving the problem that they were hired to solve) then at best they will do no good and they may just slow things down.

One of the more memorable incidents was when the project manager was talking to his 2IC, he said “I think we’re really breaking ground, [pause] I’m breaking wind and we’re breaking ground”. My desk was a few meters from where the wind (and ground) were being broken, I unfortunately was able to verify that wind was being broken but was not as certain about the ground.

I did learn some useful things during this project, one was the fact that sample code from library vendors should not be trusted and ideally should be read from a print-out not pasted into the project source tree. The CTI library vendor had buffer overflows in their sample code. Another useful thing was the coin-tossing method of dispute resolution. If two good programmers have a disagreement about how to implement something tossing a coin is a quick way of resolving the dispute - this only works with two good programmers (in which case either idea will work).

The project in question was messed up in many ways. I may write another post in the WTF category about it.

Share This

Syndicated 2007-11-19 08:57:56 (Updated 2007-11-19 10:07:58) from etbe

Everyone Should Blog

At this month’s meeting of the Linux Users of Victoria [1] I gave a talk titled Everyone Should Blog (unfortunately the title was missed in the meeting announcement). I’ve been meaning to write about this but was finally prodded into writing by a ProBlogger post about overcrowding in the blog market [2]. Darren (the ProBlogger) suggests that the blog space is overcrowded, blogs are being sold for unreasonably high prices, and a bust similar to the dot-com bust may occur.

I agree that there is some over-commercialisation, and that for Darren’s core market (people who want to make money directly from blogging) this is a serious issue to consider.

However I believe that there is a lot of scope for more blogs. Firstly all of the services in the social networking space seem to have some feature that resembles a blog in some way (the online diary if not the RSS feed part of the definition). I have previously blogged about some ideas for an open social networking system [3]. A reform of the social networking scene should have the possibility of adding even more users and having them all be bloggers. While not everyone is capable of writing a blog that is of interest to a large audience, everyone who is capable of writing is capable of writing (or contributing to) a blog that is of interest to some people.

The next potential area for expansion is in sales/marketting blogs. An example of this is car sales, it seems that every web site run by a car manufacturer only has information on the current model and at best only has information on prices of second-hand cars. There is a real need for authoritative information on older cars, it helps customers and it helps the car companies. If Ford was to provide good information on the cars they manufactured a few years ago it would increase the chance that I would buy a second-hand Ford and if enough people made similar decisions then it would increase the prices of such cars (basic rules of supply and demand). Increasing the second-hand price increases the price that people are prepared to pay for new cars and also allows them to buy a new car sooner - both of which are benefits to the manufacturer. It wouldn’t be difficult to use a blog server for all the information on new cars, you could have a front page that lists the available marques and links to the posts announcing the latest models of those marques. With a small amount of work writing a theme you could have Wordpress giving an appearance that’s almost indistinguishable from any of the major car companies web sites - apart from the fact that every car’s technical data would have a permanent URL of the form www.carcompany.com.au/2007/MARQUE/CODE which would be obviously a permanent link (unlike the Java servlet and ASP URLs you currently see) and therefore would encourage deep links by enthusiasts. This would also give RSS feeds for free (I would be interested in adding RSS feeds for several of the Australian car companies to my Planet installation if possible).

A final benefit is the issue of ethics. When car companies remove data about cars they sold the previous year you have to wonder whether they have unreasonable price increases or whether the new cars have some specs that are lesser than the current cars. The general trend is slow and steady increases in features and performance at each price point, the number of people who are more likely to buy from an ethical (trustworthy) company is probably greater than the number of people who will look for details to nit-pick (and such people will find out anyway).

Another use for blogs is for public events. It’s not uncommon for people to want to get some background information on an event that they attended years ago. If all the information was archived in the blog of the organisation that hosted the event then it would be easy for everyone to access. This would give additional promotion opportunities for the hosting organisation at almost no cost.

Anyone who is announcing a future event should have an RSS feed for new information related to it, then as information is released all the interested people can see it in their favourite feed reader. Many people refuse to subscribe to announcement lists due to fear of spam and the fact that it is often inconvenient or impossible to unsubscribe (sometimes a list server regards unsubscribe requests as spam).

Corporations have many potential uses of blogs, Google announces news about all their products via blogs and Microsoft has a good recruiting blog. Smaller companies can still achieve some of the same benefits via blogging. Also it’s well known that a blog which provides useful information about products in a field (not just the products being sold) can really attract potential customers who then react to the adverts in the blog. The same technique can be used by job seekers. Blog well and mention that you are looking for work and you will get offers of interviews.

There is also no shortage of political and lobbying blogs as well, they don’t tend to convince the opposition but they are good for converting people who are ambivalent about an issue. As the people who read blogs get older (and therefore richer and more influential) such blogs will become increasingly important.

I think that I have demonstrated the potential for a significant number of new blogs, some of which would have large subscriber bases and a lot of influence (which means a lot of potential profit for the Problogger crowd). Have I missed any major areas for developing new blogs?

Share This

Syndicated 2007-11-18 20:00:37 from etbe

Better Social Networking

When advogato.org was still cool I signed up to it. It was an interesting research project in skill metrics (determining the rating of people’s coding skills by the votes of others and weighting the votes by the rating of each person), and it was nice to be rated Master soon after I joined. I still use it on occasion for the blog syndication feature (when I find a good blog on Advogato I add it to my Planet installation).

When orkut.com was really cool (when every time I had dinner with a group of people someone would ask if they could be an “orkut friend”) I signed up to it. It was interesting for a while but then most people got bored with it.

Now there is Facebook and MySpace for social networking for social purposes and LinkedIn.com for business related social networking. I periodically get invited to join those services but have not been interested in any other than LinkedIn. I can’t join LinkedIn because their mail server is regarded as a SPAM source by my mail server but their web server refuses to provide any information on why this is (the rejection was apparently long enough ago that it’s rolled off my logs).

The problem with all these services is that I am expected to sign up with each of them and go to a moderate amount of effort in writing up all the data in the various web pages. Writing it is a pain, keeping it up to date is more pain, and dealing with spam in “scrap-book” entries in Orkut is still an annoyance which I don’t want to multiply by four!

So far the only step I’ve seen towards addressing this issue is the XFN - XHTML Friends Network [1] project. But that seems to be of fairly limited scope (just referring to the friendship status of people in a <A HREF link).

I believe that the requirements for social networking are:

  1. Personal data about each person, some of which may only be available to friends or friends of friends.

  2. The user owns their own data, has full control over where it’s sent and the ability to request people who receive it to keep some parts of it secret.

  3. Ability to send email to friends of friends (determined by the wishes of each friend and FOAF).

  4. Ability to get a list of friends of friends.

  5. Incorporation of a standard format for CVs (for business social networking).

I think that the only way to go is to have a standard XML format for storing all personal data (including financial, career, and CV data) that can be used on any web site. Then someone who wants to be involved in social networking could create an XML file for a static web server (or multiple files with different content and password protected access), or they could have a server-side script generate an XML file on the fly with a set of data that is appropriate for the reader. The resulting social network would be entirely distributed and anyone could write software to join in. This covers item 1 and part of item 2.

For sending email to friends of friends it would be good to avoid spam as much as possible. One way of doing would be requesting that friends publish a forwarding address on their own mail server in a manner similar to SRS [2]. SRS include the ability for such addresses to expire after a certain period of time (which would be convenient for this). In fact publishing SRS versions of friends email addresses would be a good option if you already use SPF [3] and SRS in your mail server. This covers item 3.

The XML format could include information on how far the recipient could transfer it. For example if my server sent an XML file to a recruiting agency with my CV it could state that they could distribute it without restriction (so that they can give it to hiring managers) with the possibility of some fields being restricted (EG not tell the hiring manager what I used to get paid). For my mobile phone number I could send it to my friends with a request that they not send it on. This covers part of item 2.

The URL for the friends file would of course be in the main XML file, and therefore you could have different friends lists published from different versions of your profile (EG the profile you send to recruiting agencies wouldn’t include drinking buddies etc). This completes the coverage of item 2.

Then to have a friends list you have a single XML file on a web server that has the public parts of the XML files from all your friends. This means that getting a list of friends of friends would involve getting a single XML file for each friend (if you have 100 friends and each friend has 50 unique friends on average then you do 100 HTTP operations instead of 5,000). Minimising the number of web transfer operations is essential for performance and for reliability in the face of unreliable web servers (there is no chance of having 5,000 random web servers for individuals all up and accessible at the same time). This covers item 4.

Item 5 is merely a nice thing to have which allows more easily replacing some of the recruiting infrastructure. As any such XML format will have several sections for arbitrary plain text (or maybe HTML) for describing various things the CV could of course be in HTML, but it would be good to have the data in XML.

I posted this in the “blog” category because blogs are the only commonly used systems where end users do anything related to XML files (the RSS and ATOM feeds are XML). A blog server could easily be extended to do these social networking systems.

As with a blog users could run their own social networking server (publishing their XML files) or they could use a service that is similar in concept to blogger which does it all for them (for the less technical users). Then an analogy to Planet, Technorati, etc in the blog space would be public aggregation services that compare people based on the number of friends they have etc, and attempts to map paths between people based on friends.

This could also include GPG [4] data such that signing someone’s GPG key would cause your server to automatically list them in some friend category. The XML format should also have a field for a GPG signature (one option would be to use a GPG sub-key to sign the files and have the sub-key owned by the server).

I don’t have any serious time to spend on implementing this at the moment. But if someone else starts coding such a project then I would certainly help test it, debug it, and contribute towards the XML design.

Share This

Syndicated 2007-11-18 09:03:18 from etbe

The Price of Food

If you live in a hotel for an extended period of time (which can provide significant career benefits - click on this link for details [1]) the issue of food price and availability is going to concern you.

If you are in a decent hotel you will have a fridge in your room that you can use for your own food. A recent trend downwards in hotel quality has been to use fridges that are stocked with over-priced drinks that have sensors and automatically bill you if you move any of the drinks. A good hotel will have a fridge that either has space for your own food/drink or which allows you to temporarily move their stuff out. If you are staying in a hotel for any period of time and the hotel is not run by robots then you should have the option to negotiate the removal of all the over-priced drinks to provide you space for your own food.

If you have such fridge space then you have good options for making sandwiches - which are cheap and healthy.

In UK hotels (which incidentally tend to not have a fridge in the room if they are affordable) the standard practice is to have breakfast included as part of the hotel fee. If you are flexible about your eating then you can eat a large breakfast and have a minimal lunch to reduce expenses.

Finally you have to consider how much you earn as an hourly rate (after tax) and compare it to the cost of food. For example if dinner at a cheap restaurant costs $10 and you earn $30 per hour after tax then you only need to save 20 minutes of your time by eating at the restaurant (as opposed to making a meal and washing the dishes) to make it economically viable.

I have previously written about the efficiency of work [2]. I think it’s reasonable to assume (in the absence of any formal studies on the topic) that when your efficiency of working decreases due to over-work your enjoyment of your leisure time is also reduced on a per-hour basis (in addition to having less leisure time). I know that some people enjoy cooking and consider it a leisure activity (my sister seems to be one of them [3]). But if cooking isn’t something you enjoy then you will probably feel that eating out is reducing the amount of “work” time and therefore increases the quality of your life and the quality of your work.

Finally for the time spent living in a hotel while searching for work (if you travel to another country without arranging employment first) the main financial factor is not how much you can save money on a per-day basis, but how quickly you can find work. The ability to accept a job offer from any region has the potential to significantly reduce the amount of time taken to find work and thus put you in a better financial position in the long-term. This benefit of living in hotels should significantly outweigh the extra expenses of eating out etc.

Share This

Syndicated 2007-11-17 18:15:29 from etbe

SE Linux in other Distributions

Recently a user has been asking about SE Linux support in MEPIS [1]. He seems to expect that as the distribution is based on Debian it should have the same SE Linux support as is in Debian.

The problem with derived distributions (which potentially applies to all variants of Debian, Fedora, and RHEL) is that the compilation options used may differ from what is required for SE Linux support.

If an application works in Debian then you can expect that it will work in all derived distributions. But SE Linux is not an application, it is a security extension to the OS which includes code in the kernel, login, cron, pam, sshd, logrotate, and others. For any one of these packages a maintainer of a derived distribution might decide to turn off features to save disk space or memory, or because they want to use features which don’t work well with them (due to functional differences or bugs). The maintainer of a derived distribution might even decide that they just don’t like a feature and disable it for that reason alone!

I believe that it is possible to use APT with multiple repositories and specify preferences for each repository. So it should be possible to use a source such as MEPIS for most packages but Debian (or my private repository of SE Linux back-ports [2]) for the packages which need SE Linux support.

That said, I am not sure why someone would want to use MEPIS with SE Linux. Currently the benefits of SE Linux are of most use for a server and MEPIS is a desktop focussed distribution. Debian works reasonably well for a desktop (it has worked well for me for most of the past 11 years), so it seems that Debian for a SE Linux desktop machine is a good choice and Debian is a better choice than MEPIS for a server.

Share This

Syndicated 2007-11-17 11:48:51 from etbe

Safe Banking by SMS?

Is it possible to secure Internet banking with SMS?

As secure tokens are too expensive ($10 or more in bulk) and considered to be too difficult to use by many (most?) customers banks have sought out other options. One option that has been implemented by the National Australia Bank and will soon be available from the Commonwealth Bank is SMS authentication of transfers.

The idea is that when you issue an online banking request you receive an SMS with a password and then have to enter that password to authenticate it. If you receive an unexpected password then you know you have been attacked. I wonder how much information is in the SMS, does it include the amount and where the money is to be transferred (in the case of a funds transfer - the operation most likely to be used by attackers)? If the full details are not included then an attacker could hijack an active session, get the user to enter the password, and then act as if the user entered the password incorrectly. The user would then request a new SMS and complete their desired transfer without realising that they just authorised a transfer to Russia…

If the full details are recorded will the user look at them? Online banking fraud often involves transferring the funds to an idiot in the same country as the victim. Then the idiot sends the money to the attacker in some other manner which is more difficult to track. I wonder whether an attacker could divert the funds transfer to one of the idiots in question and have the victim not realise that the wrong account number was used.

Another issue is that of SMS interception. Anyone who can hack the network of a phone company could steal money from any bank account in the country! For wealthy people there is also the possibility of stealing their mobile phone and making funds transfers before they report the theft. Another possibility is to register for a new phone company. Last time I changed phone companies it took about an hour for the new company to have the phone number and I don’t recall the phone company doing anything to verify that I owned the number in question. If an attacker had a credit card with the same name as the victim (names are not unique so this is not impossible or even inherently illegal) they could open a new phone service and steal the number. Someone who’s mobile phone stops working probably wouldn’t assume that it was part of a bank fraud scheme and act accordingly, in fact if they don’t use their mobile phone later it might be several days before someone contacts them in some other manner and mentions that they weren’t answering their mobile phone.

A final possibility is the situation where a mobile phone is connected to a computer. Devices that combine mobile phone and PDA functionality are becoming common. A trojan horse program that offered to do something useful when a mobile phone was connected to the PC via a USB cable might fool some users. All that would be required is a few minutes of the phone being connected if the attacker already has the password for online banking. Maybe they could even make it appear that the bank was demanding that the phone be connected to the PC - that should fool users who don’t understand how SMS authentication works.

It seems to me that SMS authentication is an improvement (it adds an external device which usually can’t be directly manipulated by the attacker) but is far from perfect security.

I previously wrote about the bad idea that you can bank with an infected computer [1]. SMS authentication is a good step towards making things more difficult for attackers (which is always a good idea) but doesn’t really secure the system. Also it costs 5 cents for each SMS, I expect that the banks will want their customers to pay for this - I would rather pay for a $10 token up-front.

Share This

Syndicated 2007-11-16 20:00:32 from etbe

218 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!