Older blog entries for mbrubeck (starting at number 101)

25 Jul 2007 (updated 26 Jul 2007 at 02:24 UTC) »

Retiring from Debian

In response to the inactive developer ping, I have decided to retire from the Debian project. Between my job and the new baby, my time for hacking on other projects is nonexistent, or possibly negative. I have already passed Audacity maintainership to the debian-multimedia team.

I still use and like Debian, and I hope someday I'll return from "emeritus" status to become an active developer again.


While browsing through some very old backup files, I rediscovered one of my first real software projects, an IRC client for BeOS. This was a neat collaborative effort, but we weren't really on the ball with project hosting or version control. This is from a file I wrote documenting what was left of the project after it stopped:

Cyclone was started in spring 1998 by a group of developers who hung out in the #bedev channel on EFNet. The original Cyclone team included Jason Gosnell (Avatar), Jeff Hamilton (Pyrus), Matt Lewinski (mattl), John Wiggins (prok), and Matt Brubeck (mgb), with contributions from several other #bedev regulars.

The Cyclone project produced a small, elegant IRC client. Unfortunately, the team dissolved as several members moved around the country to go to new schools or jobs at the end of summer 1998. Along with the loss of some important pieces of source code, this prevented Cyclone from ever seeing a public release.

I also found some poetry I wrote in middle school, but it's compressed using a version of StuffIt that does not seem to be compatible with any open source tools. This is probably a good thing.

Check out this black and white digital back for medium-format cameras. Why aren't there any dedicated black-and-white sensors available in compact digicams or DSLRs? The sensor would have much more light to work with than a color sensor with a Bayer filter. It would also be able to use colored filters without throwing away so much information.

It would be a niche product for sure, but it would be perfect in something like the Ricoh GR-D or the Sigma DP1. The people buying those cameras are already sacrificing flexibility (both have fixed prime lenses), and many of them are street photographers and shoot primarily black and white already. Wouldn't a dedicated black and white sensor improve dynamic range and sensitivity for available-light shooting?

Add this to my DMD wishlist. Not that I could actually afford it if it existed.

My toy is cheaper than yours.

My recent purchases:

15 Apr 2007 (updated 22 Aug 2007 at 16:00 UTC) »

A hacker remembers

This story by David Humphrey from last week really hit home:

She told about how my grandfather made his living repairing radios, toasters, fans–anything and everything electrical. He’d only received a 4th grade education in Scotland, before he had to start earning a living to support the family. She described how their entire house, with its mechanical and other systems, was kept working through his creativity and persistence. When the well pump went, he made a new one out of parts from three others…

David could have been describing my own grandfather, who died last month. I knew him as Ojiichan ("Grandpa"). A child of immigrant farmers, his formal education stopped after the sixth grade. As a young man during the internment, he took a correspondence course in radio repair, and after the war started a life-long career in electronics. He worked on electronics at home too, building projects like a cruise control for his own car. Almost up until his death at 93, he lived alone, still drove, and still flew every year to keep his pilot's license up to date. At his memorial service, his family remembered his love of tricky, hard-to-solve problems.

Many of Ojiichan's children and grandchildren have grown up to be engineers, but few of us could do some the things he did. He was a lively embodiment of the hacker spirit.

9 Apr 2007 (updated 9 Apr 2007 at 10:10 UTC) »
lkcl: Ratings and reports are explained in the Advogato FAQ, by the way. One thing I can't tell whether you realized or not: The report at /rating/report/lkcl does not show what other people think of your diary. It shows what you (and the people you certified) think of other users' diaries.

The lumpiness of the histogram is because most users don't use the full range of ratings. And since confidence scores fall off exponentially by network distance, your confidence-weighted histogram will be skewed toward ratings given out by yourself and people you directly certified. For example, I tend to rate most diaries between 4 and 9, so I expect my report to be skewed toward those values.

Planet Venus as a personal home page

Planet Matt is my shiny new home page, based on the Planet Venus feed aggregator. It displays my recent updates from Advogato, LiveJournal, Flickr, and elsewhere. It also provides a single feed for friends who want to subscribe to all of my updates without tracking down a username and feed for each new service.

This gives some of the same benefits as ClaimID or Red Hat's MugShot, but it runs at a domain I control, and doesn't depend on any one third-party service. As a bonus, the home page is also my new OpenID URL (using delegation).

Right now I'm using a slightly modified version of the "classic_fancy" theme that comes with Planet, plus some simple custom filters. I'm developing a new theme that will be more suited for use as a personal home page, which I plan to contribute back to Planet Venus for others to use. Let me know if you're interested.

YouTube suddenly seems a lot cooler than I thought it was. Anyone speak ASL?

I am a new maintainer. To celebrate, I uploaded Audacity 1.2.4b to sid.

My First Mozilla Security Bug

While playing around with JavaScript a few months ago, I discovered a potential privacy weakness in Firefox's form autocompletion. I submitted a test case to the Mozilla security team showing how an attacker could retrieve items from a user's form-autocomplete history without the user's knowledge. Now that Firefox 1.0.1 is out with a fix, you can view the complete bug report and test case.

This wasn't a serious vulnerability; exploiting it would require an attacker to fool the victim into interacting in a very particular way with a form on a malicious web page. Still, it illustrates a more general risk that can arise whenever a user agent modifies a web document; scripts can read information from the document that the user might not have intended to submit.

Combined with a cross-site scripting attack, this technique could allow attackers to capture keystrokes or field values from users filling out legitimate forms even on a secure web site. If I have time, I will try to put together a proof-of-concept of this idea.

92 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!