[ Home | Articles | Account | People | Projects | FAQ ]
If anyone uses statistics software of any sort (whether Excel, SPSS, R, SAS or anything), I would be grateful if you could help by completing a survey we have put up at SurveyMonkey. It shouldn't take longer than a few minutes to complete and there are only ten questions. Feel free to expand upon your answers if possible.
Thank you very much in advance to those who complete it.
btw, it's all for the open source software that we're producing. We're stuck for a name now.
The call for contributions invited
submissions of high-quality papers reporting original research, or describing innovative contributions to, or experience with, self-sustaining systems, their implementation, and their application.and my paper, as well as the technical details of the SBCL build, essentially argued for considering the user and developer community as part of the system: software is really just a parasite, but its host is not the hardware it's running on, but the humans who allow it to ‘reproduce’. (A related point was made by Ian Piumarta of the Viewpoints Research Institute, about the survival of the species rather than the individual being the important thing, in the talk before mine).
My talk was a bit rushed and confused, I think; it suffered from insufficient preparation time. What I was utterly flabbergasted by was the attendance: I was expecting a complement of about 12 people, maybe mostly the authors and their colleagues. Instead, there were about 70 people at the opening, and while some of those were local PhD students or other easy prey, there were still about 50 people attending the research talks. If I had expected that, I might have adjusted the material and the presentation a little bit, perhaps with a bit more advocacy (a captive audience is valuable, after all!), but at least in response to my audience poll, very few people confessed to being unfamiliar with Lisp, so maybe the advocacy would have been unnecessary.
In any case, I got some fair feedback, and I had the chance to have a nice chat with Kim Rose about the use of Squeak Smalltalk and related tools in education. Luke Gorrie introduced me to some other of his Smalltalk chums – that did seem to be the most popular language, based on a highly informal sample.
Dan Ingalls gave a demo of the Sun Labs Lively Kernel, which frankly makes my idea of writing a web backend for McCLIM simultaneously achievable and passé; a whole Morphic system built on SVG and Javascript, complete with animated stars and clocks with Roman numerals, is just the ticket at 9 o'clock in the morning. “Runs best in Safari 3 or Firefox 3.0 beta 5”.
The other talks were about implementing 3-lisp (a reflective dialect of Lisp), a Squeak VM in PyPy, Huemul Smalltalk, and Pico (an interpreted Lisp). It's very interesting to see the development of these systems; my main problem is that many of the presenters say things like “this implementation is not efficient (yet)” or “this implementation is incomplete at the moment” – this makes it very hard to judge whether the necessary future development will invalidate some of the nice things about the systems, such as their size, speed or dynamicity. I suppose that's in the nature of the research beast, though.
After all that, and some more chats, time to head off home (briefly, to rehearse for Arne's Judgment of Paris in the English Music Festival) before setting off again to Bordeaux and the European Lisp Symbolsium.
brian d foy in Barcelona
brian d foy is going to come to Barcelona next week. He will give a talk about Perl 6 to Barcelona.pm next Thursday 29 in the afternoon at the University of Barcelona. I'll post more details next week. Feel free to attend!
Euruko 2009 will be held in Barcelona
Barcelona is going to host the next European Ruby Conference 2009 (Euruko 2009), hoooray!
Spanish Ruby Users Group
The Spanish Ruby Users Group has been born as a byproduct of the effort to prepare the candidature of Barcelona for the Euruko 2009. There's a strong group of proactive people as founders of the group all over Spain, I am sure this will be an active and efficient association. I am honoured to have been elected president of the group.
Questions:
Postscript: I guess tailor can handle the project migration.
Martin Wolf's column for two weeks ago, Food crisis is a chance to reform global agriculture, argued that speculation is unlikely to have played much role in the ramping up of food prices, since food price inventories have been so low. So we shouldn't expect any sort of speculative unwinding of food prices: they are unlikely to "bounce down" in the way that stock markets have done. Instead the reason for high food prices has been rapidly growing supply not keeping up with even more rapidly growing demand (part of which is the growing demand for meat, particularly in China) and cost of inputs to agriculture, particularly oil.
Paul Collier's comment on Martin Wolf's article argues that a general acceptance of GM foods, particularly in Europe, and promotion of large-scale agriculture (ie. industrialised), particularly in Africa, is an important part of any effective response to high food prices. Just threw that in, in case this post was lacking in controversial assertions.
upgrading my Thinkpad T42
I have recently changed the hard drive of my 5 years old T42 Thinkpad laptop. I had a 30 gb hard drive and that was obviously not enough to compile all the things I want to compile. Just to give an idea, I want to have xorg and nemiver jhbuilds as well as OpenEmbedded and OpenMoko builds around. If you had the fact that I use ccache extensively, I really needed more disk space.Syndicated 2008-05-15 08:18:00 (Updated 2008-05-15 08:44:00) from Dodji
Using Git as a versioned data store in Python
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html><head><meta name="generator" content="HTML Tidy for Mac OS X (vers 31 October 2006 - Apple Inc. build 13), see www.w3.org"><title></title></head><body>Git has sometimes been described as a versioning file-system which happens to support the underlying notions of version control. And while most people do simply use Git as a version control system, it remains true that it can be used for other tasks as well.
For example, if you ever need to store mutating data in a series of snapshots, Git may be just what you need. It’s fast, efficient, and offers a large array of command-line tools for examining and mutating the resulting data store.
To support this kind of usage – for the upcoming purpose of maintaining issue tracking data in a Git repository – I’ve created a Python class that wraps Git as a basic shelve object. Here is how you normally use the standard shelve module:
import shelve
data = shelve.open('data.db')
# data.db may or may not have existed on disk before now. If not,
# We're Manipulating an Empty Dictionary. If so, we can examine or
# modify the previous run's state data. In both cases, the database
# is manipulated like a standard Python dictionary.
data[key] = "Hello, world!"
data.sync() # Write out changes to the dictionary
del data[key]
data.close() # Close and clean up, sync'ing only if necessaryThis provides the simplest kind of database, without any query language or notion of whether previous state did or did not exist. Both of those are services you’d have to layer on top of the shelve object if you wanted them.
Now consider gitshelve. Whereas the Python shelve module stores your data by pickling all of the dictionary values, I pass whatever data you place in the dictionary straight on to Git’s standard input. In the default mode, this means you work strictly with string data:
import gitshelve
data = gitshelve.open(repository = '/tmp/data.git')
data[key] = "Hello, world!"
Data.Sync() # Repository is created if it doesn't exist
del data[key]
data.close()The interface is identical, but with the Git version you can now examine the resulting repository’s yourself, using regular Git commands:
$ GIT_DIR=/tmp/data.git git logBy default, the commits have no associated comment text, but the sync method doesn’t accept parameters. If you wish to add transaction notes, use the commit method instead:
data.commit("This is a comment")You can store data this way either in a separate repository, or in named branches within any repository. If the repository argument is not given, the named branch within the current Git repository is used. An exception will be raised, however, if you do this and there is no Git repository related to the current directory.
# I'm expecting to use the 'data' branch of the current repository, but
# I ran the script in a directory unknown to Git!
data = gitshelve.open(branch = 'data')
# It appears to work, because no Git commands are run until the last
# possible moment
data['foo/bar/hello.txt'] = "Hello!"
# This raises an exception, because there is no current repository. To fix
# it, either run "git init", or use a specific 'repository' argument above.
data.commit("I just said hello")The really nice thing about using Git this way is that you get all of its best features for free.<h3 id="addednon-textvalues">Added non-text values</h3>
If you have a need to store non-textual values, you’ll have to let gitshelve know how to deal with them. I don’t do any such handling by default, because of the big chance of doing the wrong thing, and having you not find out about it until it’s much too late. Just pickling data like shelve does isn’t very smart, for example, because it will wreak havoc on Git’s merge algorithms should you ever need to incorporate new data from another source.
So, let’s see how to add a custom data translator. First, you need to subclass a new type of gitbook, which is the wrapper used to interface with the blobs in the Git repository. There are only two methods you need to override:
class my_gitbook(gitshelve.gitbook):
def serialize_data(self, data):
return object_to_string(data)
def deserialize_data(self, data):
return object_from_string(data)Now you must define object_to_string and object_from_string, which should examine the types of the objects passed and turn them into merge-friendly string as appropriate. Certain forms of XML work well for this job, as do ini-style configuration files in some cases. It’s up to you and what works best for your usage.
Once you have this new class type, you must pass it to the gitshelve.open function:
data = gitshelve.open(repository = '/tmp/foo', book_type = my_gitbook)Every time you open a gitshelve, it must walk through the assoicated branch and determine its contents in order to build the key/value relationships in the dictionary. If you find that this ever gets slow, what you can do is just pickle the gitshelve! The only caveat is that you must take care to delete it if the HEAD you created it from is different from the current HEAD. Here’s an example:
import gitshelve
import cPickle
import os
data = None
if os.path.isfile('data.cache'):
fd = open('data.cache', 'rb')
data = cPickle.load(fd)
# I'm using an arbitrary file name here, __HEAD__
if data['__HEAD__'] != data.current_head():
data = None # Out of date, we can't use it
if not data:
data = gitshelve.open(branch = 'data')
data['__HEAD__'] = data.current_head()
# ... for data sets with enormous quantities of tiny files, this
# could really speed things up ...The gitshelve module is being maintained as part of the git-issue project, which is yet another attempt to bring distributed bug tracking to Git. Actually, I tend to support multiple repositories as data backends, but right now Git is my initial focus. You can clone the project and test it out as such:
git clone git://github.com/jwiegley/git-issues.git
cd git-issues
python t_gitshelve.pyIf see “OK” at the end of the unit tests, you’re good to go! There isn’t much documentation on gitshelve.py itself right now, beyond this blog entry, but then again the shelve-like interface is simple enough that you really shouldn’t need much more.</body></html>
My Daily Tweets
Survey poll poll survey
Carmen posted a survey where people filled it in and entered their own answers, and you were supposed to post it in your own journal. But some of the questions weren't the most applicable to my friends list, and I thought there were others from other versions of the meme that would be better... and then I thought, how about giving you lot the chance to suggest some of those survey questions yourselves?My car, it gleams!
So I've been meaning for some time to get my car in for it's regular maintenance, and also to have it cleaned. It's been years since it had a solid cleaning, and currently I park it under a tree.fedora 9 for me so far
Here’s what I’ve seen that’s irked me in f9 thus far:
1. bug in yum which is now fixed upstream keeping yum from doing the right thing about conditionally installed pkgs in groups already being installed (silly). It’ll be in an update in testing tomorrow.
2. PK ignoring my preferences and annoying me about updates that I don’t care about.
3. _something_ makes firefox and liferea stall out for a long time. This may not be a bug - it may actually be my hard drive trying to die on me.
Things I’m quite happy with:
1. usb persistence may actually save my butt
2. pybackpack works still. (If you think this is not a big deal please see #3 in the above list)
3. We’re seeing some pretty phenomenal numbers of downloads and a lot of overall excitement about this release.
That’s what I have, thus far.
links for 2008-05-15
30
<description>And today, I finally turn 30. I've been grumpy about this day getting closer and closer for the last three or four years, which have passed in front of my eyes with me nearly not noticing.
The last year has had more downs than ups, and at times has been quite dark. I feel things are slowly getting better, and I spend more time looking forward than back, which certainly should help.
Tomorrow I'll hold a small party at home with some friends, but the big and proper event will be in September, when five or six people in our colla, born in 1978, will celebrate our 30<sup>th</sup> birthday, in a massive, weekend-long party already dubbed La festa dels excessos. You shouldn't miss this one!
Thanks to the many people who have phoned, texted or emailed me already. It reminds me that I'm surrounded by people who love me and were there when I needed them.</description>
Syndicated 2008-05-15 09:57:00 from I still don't have a title
Two meter handheld range
Syndicated 2008-05-15 05:15:00 (Updated 2008-05-15 05:31:49) from Kelly Martin
2008-05-15: jwz's collected bicycle wisdom
<!-- start of entry 200805/15 --> jwz's collected bicycle wisdomjwz has a remarkably insightful article about bike ownership. Notably, item #6 makes me feel better about getting my own bike stolen last summer:
Syndicated 2008-05-14 20:57:05 from apenwarr - Business is Programming
(*) All my machines are named after parts found in Babbage's analytical engine. My laptop's name is "lug".
Rate a CPAN module today!
One of the tough challenges facing someone new to Perl, or even someone who has been using it for years, is navigating the huge number of modules available via the Comprehensive Perl Archive Network (CPAN). CPAN is very comprehensive, with the little stats in the corner listing 6,500+ authors, 15,000+ distributions, and 55,000+ modules. That's a lot of code.
Unfortunately, being faced with so many options can be daunting. The search.cpan.org interface tries to show the most relevant results first, and seems to pay a good amount of attention to CPAN Ratings, and rightly so. In order for a module to be rated, someone has to get themselves a bitcard account (usually meaning they're a CPAN author themselves), use the module, and have the time and passion to write a review. This means that when such reviews do come in, they're highly relevant.
Unfortunately, not very many modules have been given reviews, and often those reviews are given to modules that already have a substantial number already, like DBI. Yet it's the modules that don't occur commonly in literature that need the reviews the most.
So, dear reader, today I wish to give you a quest. Go to CPAN Ratings, search for a module you use, and if it doesn't have a review, write one. That's it, just a single review. I don't care if you love the module or hate it, just let the world know how you feel. It can be a single sentence if you like. Heck, you can even critique one of my modules if you want. Just write a review.
If you don't know where to start, go to a piece of code you've worked on, or the tests for that code, and just look at the use lines. Trust me, you'll find something you care about. It may even be something that was so simple and easy to use that you had forgotten all about it.
Finally, if you're itching to start a new project, and need an idea, turn CPAN Ratings into a game, the same way it was done with the CPAN Testing Service and Kwalitee, or PerlMonks and their XP system. New reviews on a module give you +2 points, reviews on a module that already has reviews give you +1 point, each person who found your review useful gives you +1 point, and each person who didn't find your review useful gives you -1 point.
Home Wireless Network
Using OpenWRT with WPA-PSK 2 on Broadcom WLAN routers have been stuck on a quite old bug. Recently someone suggested that it may have been fixed in trunk, which caused me to test it. And it works!
It took some time to work out the details here. To save myself time to reconstruct the commands, and hopefully save you some time too, I wrote down how to use OpenWRT with two Asus WL-500g Premium linked together wirelessly using WDS and PSK2 encryption.
The writeup is long, so I put it on a separate page:
http://josefsson.org/openwrt/wlan.html.
If you are interested in using OpenWRT with a 3G connection, you may find my summer house internet writeup more useful.
Noooooooooooooooooooooooooooooo!
<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/1-aDlRJVYuI&hl=en"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/1-aDlRJVYuI&hl=en" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>Syndicated 2008-05-14 19:36:00 (Updated 2008-05-14 19:37:09) from John Levon
Today I got my second method working, String.hashCode(). Now I have conditional and unconditional branching, field access, array loads, a whole bunch of integer operators, and returning with a result implemented and (somewhat) tested. The bytecode coverage chart says I’m 50% done, but I don’t believe it.
GUPnP 0.10 released
- Use libsoup 2.4. [Zeeshan Ali Khattak, Jorn Baayen]Syndicated 2008-05-14 08:35:00 (Updated 2008-05-14 08:37:14) from zeenix
I still don't know why I'm here
I wasn't going to comment on the recent openssl security update, because too many people have already done so.
Personally I thought that Aigars Mahinovs made the best writeup I've seen so far.
However I would like to say that having 20+ people all mailing security[at]debian.org to say the webpage we referenced in the security advisory is currently blank is not useful, or ask for details already released in the advisory they replied to, or ask for even more details is not so much fun.
Having people immediately start mailing questions like "Huh? What can I do" is only natural, but you can't expect a response when things are as hectic as they have been recently. Ideally people would sit on their hands and bite their tongues. Realistically that isn't going to happen, and realistically this post will make no difference either...
Had the issue not leaked to unstable so quickly (and inappropriately IMHO) then we'd have had a little more time. But once an issue is reported you need to coordinate with other distributions, and etc. Handling something as severe as this is not fun, and random mails from users are a distraction, and a resource-hog.
I should say I was not in any way involved in the discovery, the reporting, the preparation of the fix(es), or the releasing of the update. I knew it was coming, but everybody else seemed to have it well in hand. When there are mails going back and forth for 5+ days with ever-growing Cc: lists, and mailing lists being involved I figure one more cook wouldn't be useful.
So in conclusion:
a. Bad hole.
b. Fixing this will take years, probably.
c. 50+ mails to the security team within an hour of the advisory going public complaining of missing information is not helpful, not useful, and quite irritating. (Albeit understandable).
d. People who don't know the details of an attack, or issue, shouldn't speculate and start panic, fear, and confusion. Esp. when details are a little vague.
e. I still like pies.
Once again thanks to everybody who was involved and put in an insane amount of work. Yes this is only the start - our users have to suffer the pain of regenerating everything - but we did good.
Really. Debian did good.
It might not look like it right now, but it could have been so much worse, and Debian did do good.
ObQuote: X-Men: The Last Stand
Rio and Upstart
Seen at Rio's place:
Fedora9のupstart、すごいんですけど...。さすがに組み込みみたいな速さでは無いけれど、これならサスペンドしなくても良いんじゃ...。
Which, in my very approximate translation means:
Upstart of Fedora 9 is great, mostly. As expected it includes no visible speed, so not using suspend is not good.
So, I guess that Rio expected improvements which would allow to stop suspending and they did not materialize... Which makes sense, but why the superlatives then? The title of the post was "upstartすげい!" with the exclamation mark. I would understand if he wrote that Upstart allowed him to end suspends, but no, "速さでない" is simple enough even for me to understand. Oh well, perils of international blogging.
Once I figured out that the control file syntax is documented in events(5) of all places, Upstart became rather tolerable, even welcome. I think that our famously poor bootstrap times (which are not that bad in Fedora when compared to other distros — I've seen real hard benchmarks — but are just bad for me as a user) have more to do with trying to execute too much crap. Upstart allows us to do it more efficiently, but it's a palliative.
UPDATE: piyokun comments that the right translation is more like "Of course it's not as fast as embedded (linux), but with (upstart) you can get by without suspending." So, the "shinakute" is like "doing", "mo" is change of state (he suspended before, but not anymore), "n" is explanation tag, and "ja" is uncertainty. Casual, of course. Oh, and "kumikomu" is a verb meaning "to incorporate". I had no idea that they had a native word for "embedded", instead of a katakanized borrowed word.
Syndicated 2008-05-14 07:35:27 (Updated 2008-05-14 17:48:31) from Pete Zaitcev
I am Pedantic Nerd Man.
Did anyone else catch the heinous copy editing mistake in the movie "Iron Man?" Hint: it was on one of the magazine cover shots at the award ceremony.
Zvkrq hc "ervaf" naq "ervtaf" ba gur _Sbeghar_ pbire.
Using Apache2 as a reverse proxy
It was years since I'd done this, and I'd forgotten everything about it but niq's article gets it all across nice and concise.Syndicated 2008-05-14 15:57:00 (Updated 2008-05-14 15:59:00) from Danny
Strategy on Strategies
![[SNR Event Welcome Slide]](http://mjr.towers.org.uk/writing/reflections/attachments/snrevent.jpg "Photo")
Anyone seen this before?
Today, I went to an event about the Sub-National Review Consultation (as a substitute for someone else AIUI).
I'd not heard about this before, but if you're in England and you've any interest in our regional planning system (which I think you should, if you have your main home here or run a business here), you have six weeks left to comment on the UK Government's suggested changes.
As I understand it, it will move the second-highest tier of planning control from democratically-accountable regional bodies to the business-led Regional Development Agencies, with some oversight by MPs and the very- indirectly-accountable council leaders. I've posted more detail on Co-opNet.
When I asked about local involvement and cooperatives, I was directed towards Local Strategic Partnerships, but I'm pessimistic about how easy it will be to influence regional planning through those: a few weeks ago, I was at the launch of the North Somerset Partnership Sustainable Community Strategy for 2008-2026.
It's a 72-page A4 glossy book which I've still not found time to read properly. I think the size says something about its sustainability. I've posted a little more detail on WsMForum.
I'll try to answer questions about either of them on this blog or those forums...
links for 2008-05-14
EasingJS, a JavaScript Easing Library
I just released EasingJS 0.1.1, a port Robert Penner's ActionScript Easing library to JavaScript. EasingJS allows you to easily generate smooth and stylish animation or color transitions. For some examples, check out the test page.
Signatures in Email
Last week I was blitzed by being cc’d on a lot of email signature related bugs. :-) To remain calm and keep delusions of control active I started on a wiki page for Message Signatures in Thunderbird. Right now the page contains lots of links to relevant areas and ascii art mockups for choosing a default signature for accounts; it’s meant to collect thoughts, research, and define direction.
Managing Signatures
I think a general improvement plan will involve simplifying the signature selection and creation process. Here are a number of points that I think can improve the current aspects of signature management.
Concept Mockup of Signature Chooser in Account Settings
Using Signatures
In the relevant extensions section of the wiki page I tried to list most of the extensions that are dealing with how to use signatures in the compose window. There are a number of ways of solving this problem and lots of issues surrounding posting style that I am hesitant to battle with.
Several bugs (see bug 219197, bug 73567, and bug 37644) have suggestions that attack the problem from different angles. New comments and suggestions are welcome!
ASCII Art Side Note
I think I’ve started to use Johan’s ASCII Art Mockup post as a reference for my own ascii art; it’s good to see some style written down somewhere.
charter
So, Charter will be spying on every web page their customers view, and collating and using this information in a Big Brotherly fashion. But it's for advertising, so it's a good thing, right?
Yeah, right. I signed up for fiber to the home from my local ISP today.
$charter_customers--. Oddly, besides not being a privacy nightmare, my
local ISP is cheaper too. Who'd have thought.
Anyone using http://kitenet.net/wifi wireless or on the network here: You should assume Charter is spying on you for now.
Too many repeaters
Syndicated 2008-05-14 03:21:00 (Updated 2008-05-14 03:21:34) from Kelly Martin
2008 Federal Budget: Laptops
The one single non-standard tax 'thing' that many people I know do is to salary sacrifice for a new laptop. Quick review of how this works: normally, you are discouraged from buying yourself stuff out of pre-tax income, because otherwise a sensible financial strategy would go something like: pay for everything, declare small remainder to government, be taxed only on small remainder. The way the government puts a stop to this is by charging Fringe Benefits Tax on things bought from pre-tax income. FBT is a huge amount of money, you'll pay an insane amount of tax on fringe benefits: better to buy things from your wages after tax was taken out.
There are a few exceptions or partial exceptions to FBT, and one is laptops, at present, more info here (written from an employer's point of view). Given how many people I know get their employer to let them salary sacrifice for their 'yearly laptop', I am surprised to see less commentary on this aspect of the Federal Budget for 2008/2009:
FBT improves tax fairness by taxing non-cash remuneration. Tax planning arrangements and changes in technology have eroded the fairness and integrity of the FBT system, which will be addressed by:
Budget Overview 2008–2009 [706K], page 5
- ...
- removing the FBT exemption for work-related items used mainly for private purposes such as laptops
- removing the double benefit from employee depreciation deductions on FBT exempt items used mainly for work purposes
What does this mean for you? I am not a tax professional (or financial professional) but my interpretation is:
I assume this applies from July 1 2008 on.
Syndicated 2008-05-15 02:42:34 from puzzling dot org: thoughts
And the development is going well though I have been stuck a lot on importing data. However, the tool is extremely flexible and useful - and it's great for merging data from different sources into one unified dataset which is something I think advanced users will appreciate.
I have also been trying to work on the interactive results without too much luck and have instead asked the opinions of the very knowledgeable people on the wxPython mailing list. They seem to come up with extremely helpful answers, but why not ask here?
My situation is this: I have a wxHTML frame displaying HTML results. These need to be dynamic - users will be able to select options that will mean the HTML needs to be changed and then redisplayed. The best way I can think of dealing with this is just to get the HTML (stored in a temporary memory file system) and remove the old code and insert the new code in its place and then re-display it. Does this seem like too much of a bad hack?
"It seems that the Debian maintainer did, indeed, mention his plan on openssl-dev. Openssl-dev is a list for people developing OpenSSL based software, not a list for discussing the development of OpenSSL itself. I don’t have the bandwidth to read it myself. If you want to communicate with the OpenSSL developers you need to use openssl-team@openssl.org."
Publishing contact information for the OpenSSL developers responsible for actually vetting patches to the OpenSSL source sounds like a great idea.
Of course, this address is prominently placed in the source archive so downstream people, and just plain interested users (such as professional cryptographers) will be aware of it, right?
$ wget http://openssl.org/source/openssl-0.9.8g.tar.gz --2008-05-14 01:56:41-- http://openssl.org/source/openssl-0.9.8g.tar.gz Resolving openssl.org... 195.30.6.166 Connecting to openssl.org|195.30.6.166|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 3354792 (3.2M) [application/x-tar] Saving to: `openssl-0.9.8g.tar.gz'
100%[===================================================================================================================>] 3,354,792 161K/s in 16s
2008-05-14 01:56:58 (200 KB/s) - `openssl-0.9.8g.tar.gz' saved [3354792/3354792]
$ tar xfz openssl-0.9.8g.tar.gz $ cd openssl-0.9.8g/ $ ls -1 CHANGES CHANGES.SSLeay ChangeLog.0_9_7-stable_not-in-head ChangeLog.0_9_7-stable_not-in-head_FIPS Configure FAQ INSTALL INSTALL.DJGPP INSTALL.MacOS INSTALL.NW INSTALL.OS2 INSTALL.VMS INSTALL.W32 INSTALL.W64 INSTALL.WCE LICENSE MacOS Makefile Makefile.org Makefile.shared NEWS Netware PROBLEMS README README.ASN1 README.ENGINE VMS apps bugs certs config crypto demos doc e_os.h e_os2.h engines include install.com makevms.com ms openssl.doxy openssl.spec os2 perl shlib ssl test times tools util $ grep -Fr openssl-team@openssl.org . $ grep -Fr openssl-team . $ grep team README $ grep -i team README $ grep -i team FAQ You can check authenticity using pgp or gpg. You need the OpenSSL team property rights, please consult a lawyer. The OpenSSL team does not $
Well, at least we'll be able to find this contact address in some reasonably conspicuous location on the OpenSSL website, right?
Let's try the front page. Hmm, nope.
How about the "Support" page, prominently placed on the site's navigation bar? Success! Er, kind of. We have openssl-announce, openssl-dev, openssl-cvs, and openssl-users. A pretty typical and idiomatic way of setting up mailing lists in Free and Open Source software projects. Kudos! Except, as you noted, none of these is actually the right list to contact the developers of OpenSSL. Well, I'm sure I'm the only person on earth whose intuition is challenged by that, so let's check some other places on the OpenSSL website wherein my howlingly erroneous assumption is put right.
Well, this is a patch we're talking about, so how about the Contribution page?
Hmm, perhaps:
Welcome to the User Contribution Area of OpenSSL. This area contains files maintained by the OpenSSL users and placed here by the OpenSSL team. They are provided AS IS without any kind of support or guaranty.
THIS AREA IS PROVIDED BY THE OPENSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
No, perhaps not.
The Source page is another dead-end; it shows me a lot of source I can retrieve, but does not inform me whom I can speak with about it. Undaunted, I press on.
Well, heck, how about the About page? Hey, this looks promising!
The OpenSSL Core and Development Team
The OpenSSL project is volunteer-driven. We do not have any specific requirement for volunteers other than a strong willingness to really contribute while following the projects goal. The OpenSSL project is formed by a development team, which consists of the current active developers and other major contributors. Additionally a subset of the developers form the OpenSSL core team which globally manages the OpenSSL project. Anyone wanting to join the development effort should subscribe to the developers mailing list openssl-dev@openssl.org, where all development efforts are coordinated.
But, silly me, of course I should utterly disregard the exclusive mention of openssl-dev@openssl.org in a section entitled "The OpenSSL Core and Development Team".
Several individual members are listed, yourself under "core team", and Ulf Möller under "development team". If Mr. Möller was a member of the "development team" at the time Debian developer Kurt Roeckx contacted the openssl-dev list, then I'm sure he should have known to disregard the advice he was given, right? (I'm sure you can correct me with appropriate fist-shaking indignation if your and Mr. Möller's status in the dev team was sufficiently different two years ago. You may, or may not, want to consult The Internet Archive's copy of the page as it existed on 1 and 2 May, 2006, before doing so.)
Well, I have one trick left up my sleeve—I can consult that device which has applied cluebats to addled heads for generations, the mighty FAQ! And do I find an answer?
Hallelujah!
3. How can I contact the OpenSSL developers? The README file describes how to submit bug reports and patches to OpenSSL. Information on the OpenSSL mailing lists is available from http://www.openssl.org.
By God, you've got me! I just go to www.openssl.org, find the...er...nonexistent...mention of mailing lists on the front page, stumble around until I find the aforementioned list of mailing lists, and, uh...don't find any mention of "openssl-team@openssl.org".
Hey, but you stand vindicated, because you shouted the correct contact address to the whole world in the 38th comment to the 327th post on your blog (which must surely compare favorably to being posted on the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'.).
Your certificate of induction into the Good Communication Hall of Fame is forthcoming.
Which mailing list should I send it to?
From that was born the ASDF-TOOLS package (designed to work in conjunction with my build-asdf-package shellscript). It has two exposed function calls.
ASDF-TOOLS:CHECK-PACKAGE goes through the ASDF system definition and checks that the files specced there exist in .filelist and similarly for any file you explicitly ask to have packaged; differences are printed to *STANDARD- OUTPUT* and if there are files that are needed for building that are unlisted in the packaging file information, the function returns NIL.
ASDF-TOOLS:PREPARE-PACKAGE goes through the ASDF system definition and all extra files you specify, then dump this data to .filelist, it also updates the .version file.
Obvious extensions from here: An :around method on ASDF:PERFORM that handles the "incorrect FASL version" condition and forces a recompile of the component, then continues. A function that grovels through an ASDF system and deposits a gzipped tarball in the right directory. I have a vague memory of having seen an ASDF component class that is neither compiled nor loaded, if I use that to replace .filelist, I should in principle be able to move my packaging from a unix shell script to lisp code. Neat, in a way.
I feel the need to post about this issue in the hope that similar problems can be avoided in the future.
My initial disclaimer is that I'm not a package maintainer for any of the major distros, so I'm not intimately familiar with the stresses or workloads that they may face everyday. I am, though, the lead developer on a project that I hope one day will be included in major distros.
Whenever I get some interest from potential distro maintainers, I try to stress my keen interest in getting any downstream patches. This is to hopefully lighten their workload as well as to improve the software for everyone.
Unfortunately, it appears to me that the patch that caused the trouble in Debian recently was not fed back to the upstream developers, and if it had, it may have been caught much earlier.
What can be done from an upstream developer's point of view to encourage these upstream patches to keep flowing?
And is it not almost a duty for all downstream package maintainers to send patches upstream whenever possible?
Perhaps in some cases, the upstream packages themselves are not actively maintained, in which case being a distro package maintainer is even harder. But OpenSSL is not such a case.
I've run into 3 cases so far where a bad patch to the libtar library has sneaked into various distros and caused trouble for people trying to compile Barry on their systems. Would it not be better for these distro-specific patches to be fed upstream, and get rejected with a proper reason? Would it not be better for all distro maintainers of a particular package to be subscribed to its development mailing list, and see these issues first hand?
Obviously I think so, but I'd like to hear your thoughts on it. I think it is an issue that needs to be discussed, and now's the perfect time.
Test Open ID implementation for Python
I got it working. I have a record for TestOpenID on the Python cheese shop website. There is also a link to my own page on TestOpenID.
It should be easy_install able.
Windows Patches Welcome; Windows Attitude Not
<summary type="xhtml"></summary>May 13
One of the guys in the office loaned me a Flight of the Conchords DVD. I watched one episode. It's pretty awful, and that's being kind.That doesn't happen very often
On Saturday morning I woke up to people talking about string concatenation, and how many parameters some function needed.
Syndicated 2008-05-14 01:57:52 from Dave Brondsema's Blog - Programming
pycurl orphaned in Debian
Domenico Andreoli just announced to the world that he’s orphaning the pycurl package in Debian. pycurl is the fairly popular Python binding for libcurl written by Kjetil Jacobsen.
Fans of Debian, libcurl and python now have a fine chance to step forwards and contribute!
O que você faz de diferente quando não está na frente do computador?
Ok, ok, esse não é o meme da semana. Aliás, qual é ele?
Bom, eu toco piano. Tocava, já que não tenho piano aqui em Brasília. Mas comprarei um teclado bacana, assim que der. Enquanto isso comprei um violão, pra matar saudade da música.
O vídeo abaixo foi gravado anos atrás, numa câmera de 8MB. Não está faltando um pedaço, foi tudo o que foi possível gravar.
Project 365, Day 134: Doing Knuth, Section 2.2.3 Alg A
Every week, we get together, and study from Knuth. Large sheets of paper and colored markers help a lot.Restaurants, immigrants, and the popularity of various cuisines
A little off-topic exercise conducted in the "eye of the storm", when Ilenia and Helen were still in the hospital:
A post on Seth Robert's blog brings up the idea that many Chinese restaurants were opened as a way to go into business without competing with native male workers. The post made the rounds of several other online journals.
That was the push I needed to get up and go collect a few statistics of my own, regarding an idea I've been kicking around for a while. My theory is that the number of restaurants of a given type, divided by the number of immigrants from that country might be an interesting way of guaging the popularity of the cuisine in question.
In order to simplify things just a bit, I actually used data from Italy, for the following reasons:
Most immigration to Italy is pretty recent, so it's not necessary to account for the length of time different immigrant groups have been present, and the effects that may have had on the diffusion of a given cuisine.
Immigration statistics were readily available: http://demo.istat.it/str2006/index.html
Italian the language almost completely corresponds to Italy the country (outside of a chunk of Switzerland, San Marino, and the Vatican), something that makes things that much easier.
I speak Italian, so it was easy to find out all the information I needed
Unfortunately, finding out the number of restaurants of various types is far from an exact measurement, and since this is a quick fun project, I just went for Yahoo search (they deserve credit for keeping their search API open when Google's was closed) results on terms like "Ristorante Turco" (Turkish), "Ristorante Messicano" (Mexican), and so on. This was the most expedient means of gathering information quickly, but this approach does present a number of obvious problems, listed here in the hope that someone without diapers to change and a business to run might come up with some good answers:
Some hits likely come from people talking about a restaurant that happens to be in a country, like "ristorante americano". "Nel tipico ristorante americano, ...." or in other words, "In a typical American restaurant", rather than an American-style restaurant in Italy, which is what we were looking for in the first place. This is probably also true of countries close to Italy, where people go on vacation and thus have occasion to write about their experiences in a "ristorante tedesco" (German), rather than going to eat in a German restaurant in Italy. Perhaps the search query could be improved in an attempt to eliminate this sort of false positive.
Some restaurants probably are not known as, nor brand themselves with a country name, but instead utilize titles like "Middle Eastern", "Arab", "South American", "African", or others that do not correspond with any one country in particular. It would be possible to group countries together with other adjectives, and get statistics for these clusters as well.
Measuring hits is measuring what people are talking about, rather than simply restaurants that exist, so if restaurants from a certain country are more talked about than others, that would muddy the statistics a bit. However, it seems reasonable that people would mostly talk about restaurants in proportion to their popularity, and I don't see a particular reason why there would be more talk of Vietnamese restaurants, say, than Thai restaurants, compared to the actual numbers.
That said, for a quick project, this approach seemed to work out ok, and the results appear credible. Obviously, the results also reflect people discussing certain cuisines, rather than an actual number of restaurants, but since it does reflect interest, we'll use the number in any case.
Since the number of restaurants/interest in a type of restaurant was clearly not correlated directly with the number of immigrants, other factors must come into play. For instance, "ristorante giapponese" turns up 125,000 hits, but the stats say only 6873 Japanese nationals live in Italy. As above, hits don't mean actual restaurants, but clearly Japanese cuisine is not being popularized through immigration.
Here's my guess: these statistics show, to some degree, what people in the host country actually like to eat. Food that tastes good means more restaurants. Things that aren't that popular mean few restaurants, even if there are many immigrants. To pick on one country, there are many Philippino immigrants in Italy, but very few search hits - and anecdotally, I've never seen a Philippino restaurant in Italy either, whereas even smaller towns like Padova have Chinese, Mexican (well, it's called that, even if it's a shadow of the real thing), Japanese, various Arab and middle eastern restaurants, and even a few less common things like Eritrean. And I know that many native and foreign restaurants employ Philippino cooks.
Below is the chart I whipped up showing the number of Yahoo hits per immigrant. The Italian names shouldn't be too hard to figure out. A few tricky ones: Giordano-Jordanian, Giamaicano-Jamaican, Spagnolo-Spanish. If you're interested in numbers or source code, contact me.
Syndicated 2008-05-13 14:34:00 (Updated 2008-05-13 14:49:09) from David's Computer Stuff Journal
good rule
If you fail to make even the slightest effort to save gas, you are not allowed to complain about gas prices, no matter how high they get.
From here.
Smoke from the PSU
Yesterday I received two new machines from DOLA on-line auctions [1]. I decided to use the first to replace the hardware for my SE Linux Play Machine [2]. The previous machine I had used for that purpose was a white-box 1.1GHz Celeron and I replaced it with an 800MHz Pentium3 system (which uses only 35W when slightly active and only 28W when the hard disk spins down [3]).
The next step was to get the machine in question ready for it’s next purpose, I was planning to give it to a friend of a friend. A machine of those specs which was made by Compaq would be very useful to me, but when it’s a white-box I’ll just give it away. So I installed new RAM and a new hard drive in it (both of which had been used in another machine a few hours earlier and seemed to be OK) and turned it on. Nothing happened, I was just checking that it was plugged in correctly when I noticed smoke coming from the PSU… It seems strange that the machine in question had run 24*7 for about 6 months and then suddenly started smoking after being moved to a different room and being turned off overnight.
It is possible that the hard drive was broken and shorted out the PSU (the power cables going to the hard drive are thick enough that it could damage the PSU if it had a short-circuit). What I might do in the future is keep an old and otherwise useless machine on hand for testing hard drives so that if something like that happens then it won’t destroy a machine that is useful. Another possibility is that the dust in the PSU contained some metal fragments and that moving the machine to another room caused them to short something out, but there’s not much I can do with that when I get old machines. I might put an air filter in each room that I use for running computers 24*7 to stop such problems getting worse in future though.
I recently watched the TED lecture “5 dangerous things you should let your kids do” [4], so I’m going to offer the broken machine to some of my neighbors if they want to let their children take it apart.
A bit of a Communication Problem
I’ve been doing some testing recently with Thunderbird and it’s offline support; trying to get a handle on what the state of the onion is. One problem that has bothered me is the silent state of online to offline, not to mention the dialogs that happen after that.
Communication
How do you convey that Thunderbird is offline or online? I’m not too sure of the implementation yet but I think we can get some excellent ideas when examining IM clients and how they handle online vs. offline; for email it’s just a little less extreme.
Online
Should have some indication that is available, but not too prominent because this is the state where everything is good. When you’re online, emails will be sent right away and new messages will arrive, we don’t need a large piece of real estate to inform you that the situation is normal.
Simple and obvious green signal that you’re online
Offline
Requires a clear indication that is prominent and obvious. Auto-reconnection should be the default and timeouts created that indicate when the next reconnect will take place; allow people to interrupt and reconnect immediately.
You’re grey and offline, do you want to try going online now? I’ll try in a little bit anyway…
Because for email we can also expect that some people will want to be offline intentionally we need to allow for people to remove the indication and include ways for people to tell Thunderbird to stop trying to auto-reconnect.
Getting Back Online
When you’ve finally reconnected it’s a moment for celebration… Yay! Get back to work!! This kind of notification allows people to understand that you’ve reconnected and things will be back to normal.
Getting back online from an offline state can also incur some syncing and likely heavy network traffic so for those reasons alone it’s good to let people know that Thunderbird has realized the new online state and is going to start doing it’s business again. Hold on to your butts…
Woo Hoo! We’re back online!
Some Caveats
We examined an IM client with a single account. There are some extra things about Thunderbird and email that need to be considered, here’s just one: You could have multiple email accounts and only a few are not connecting. What does it look like to have the account you’re focused on online and another account offline? What does the opposite look like?
Founding Sponsor Opportunity Closing
Last month we announced that there were only 30 days left to become a Founding Sponsor of the Twisted Software Foundation. There are only two days left, so get your donate on!
Zenoss recently published a press release about their sponsorship, exposing Twisted to an "enterprise" audience that may not have heard of it yet. From the release:
United Business Media (formerly known as CMP) has also donated to Twisted, becoming a recent Founding Sponsor. This was a rather unexpected bit of good fortune... but it gets better: they hadn't heard of Twisted before, and after reading up on it, they were so impressed that they immediately agreed to have three of their research and publication organizations become founding sponsors. They were amazed at the sophistication and power that the Twisted framework provides to a community of developers who are creating the future trends in software. I expect we'll be hearing more from them in the future ;-)
Update: The three UBM companies which sponsored the TSF are Contentinople, Internet Evolution, and Light Reading.
<!-- technorati tags start -->
Technorati Tags: tsf, twisted<!-- technorati tags end -->
Syndicated 2008-05-13 20:29:00 (Updated 2008-05-14 08:59:50) from Duncan McGreggor
Caves of Steel
Caves of Steel is interesting because it is a murder mystery set in the future, which at the time this book was written was a novel concept. It also presents an interesting almost-communist view of the future, where individual liberties are surrendered one by one in order to improve economic efficiency in order to support Earth's ever growing population. Implicit in that is the assertion that capitalism is inherently inefficient, but I'll leave that discussion alone.
) Isaac_Asimov()
Gabriel Kerneis and myself have just finished compiling some latency statistics for web servers. The results, assuming they are right, are rather surprising.
As we expected, processes are horrible and event-driven code is very good. The surprise is that kernel-threads, while unfair, are not as bad as we expected, and that user-space threads, if implemented right, are actually pretty good.
Did anyone do anything similar?
social contracts such as those followed by debian automatically conflict with profit-maximisation priorities.
period.
assuming that for profit-maximising companies it is far too difficult for them to be able to get shareholder's permission to change the articles of incorporation, the only acceptable option is for debian's release cycle to be followed by profit-maximisation companies, not the other way round.
May 12
Poking at the phone with Perl again. Managed to trigger a spontaneous reset simply by connecting to it via Bluetooth... such quality software these phones have.Release Dates for Debian
Mark Shuttleworth has written an interesting post about Ubuntu release dates [1]. He claims that free software distributions are better able to meet release dates than proprietary OSs because they are not doing upstream development. The evidence that free software distributions generally do a reasonable job of meeting release dates (and Ubuntu does an excellent job) is clear.
But the really interesting part of his post is where he offers to have Ubuntu collaborate with other distributions on release dates. He states that if two out of Red Hat (presumably Enterprise Linux), Novell (presumably SLES), and Debian will commit to the same release date (within one month) and (possibly more importantly) to having the same versions of major components then he will make Ubuntu do the same.
This is a very significant statement. From my experience working in the Debian project and when employed by Red Hat I know that decisions about which versions of major components to include are not taken lightly, and therefore if the plan is to include a new release of a major software project and that project misses a release date then it forces a difficult decision about whether to use an older version or delay the release. For Ubuntu to not merely collaborate with other distributions but to instead follow the consensus of two different distributions would be a massive compromise. But I agree with Mark that the benefits to the users are clear.
I believe that the Debian project should align it’s release cycles with Red Hat Enterprise Linux. I believe that RHEL is being released in a very sensible manner and that the differences of opinion between Debian and Red Hat people about how to manage such things are small. Note that it would not be impossible to have some variations of version numbers of components but still stick mostly to the same versions.
If Debian, Ubuntu, and RHEL released at about the same time with the same versions of the kernel, GCC, and major applications and libraries then it would make it much easier for users who want to port software between distributions and run multiple distributions on the same network or the same hardware.
The Debian Social Contract [2] states that “Our priorities are our users and free software“. I believe that by using common versions across distributions we would help end-users in configuring software and maintaining networks of Linux systems running different distributions, and also help free software developers by reducing the difficulty in debugging problems.
It seems to me that the best way of achieving the goal that Mark advocates (in the short term at least) is for Debian to follow Red Hat’s release cycle. I think that after getting one release with common versions out there we could then discuss how to organise cooperation between distributions.
I also believe that a longer support cycle would be a good thing for Debian. I’m prepared to do the necessary work for the packages that I maintain and would also be prepared to do some of the work in other areas that is needed (EG back-porting security fixes).
I'm Helvetica
<h2>I'm Helvetica ⇢</h2>You exemplify the modern urbanite. You are minimalist in style, committed to "clean lines" and restaurants with names in all lowercase. You aspire to live in an urban loft, and when the lease expires on your Jetta, you plan to get a Prius. Each time you fly, you have someone plant a tree to offset your carbon footprint. Yet, you smoke like a chimney, because it's "Hollywood."
Does Helvetica really mean Environmentalist now? Did I miss the memo? Also, I'd rather have my hydrocarbon spewing, 50mpg motorcycle, than a Prius.
Back from Cuba
I'm just back from a trip to Cuba. Sorry for the abrupt disconnect. I expected to have limited connectivity there, whereas I actually had none at all except for 23 minutes! I hope the other members of the cooperative and the editorial team stepped in suitably well. I'll check in with them now and then start on the emails, but I wanted to put this broadcast out first for those who are watching closely and wondering...
2008-05-13: A note on market research
<!-- start of entry 200805/13 --> A note on market researchI left one company after several years of faithful service. The CEO himself was elected to get me a going-away present on behalf of everyone. He got me... cuff links. (I include the wikipedia link to help out those of you who know as much about cuff links as I do.)
By comparison, where I work now, an office manager was elected to buy me a wedding present. She didn't know what I would want, so she went through my emergency contact information (the privileges of being an office manager!), called my parents, and asked them what I would want. My parents didn't know, so they sneakily called me under false pretenses, got the information out of me, and reported back. What I got, among other things, was a shower squeegee. (I include the patent office link so you can truly understand what an amazing gift that is.)
So what's the moral of this story?
Well, sometimes your office manager knows a lot more about pleasing customers than your CEO does. <!-- end of entry 200805/13 -->
Syndicated 2008-05-13 01:06:57 from apenwarr - Business is Programming
FOAF updates: Trust rankings are now exported, making the data available to other users and websites. An external FOAF URI has been added, allowing users to link to an additional FOAF file.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!
| Users | 13581 |
| Observer | 9495 |
| Apprentice | 744 |
| Journeyer | 2348 |
| Master | 990 |
