EMAIL - I publish email sometimes. If you send me an email and you want privacy, say so, I will respect that. Be aware, though, that I am (usually) human and make mistakes.
OK, I know I never came back yesterday, either. We did the Sunday morning Costco run, spending very little. Unfortunately, we go in the checkout lane from Hell. Every individual had to do something entirely new and different. There were a pair of khaki pants that the person and the checker spent a total of 5 minutes holding, searching for a tag, staring off into the distance, blindly hoping for someone to come help them... and on and on... finally the checker convinced the shopper that they didn't want the pants. Hmmm. People were in line in front of us who had never used an ATM card before. WHAT PLANET ARE YOU FROM??? Sigh.
Anyway, home safe and sound, having killed no one despite strong urges, I dug into Chapter 6. Finished my first pass about 9:45 last night, packaged it up with the graphics, and sent it off to Tom for savaging. I say it that way because I don't feel good about the front part of the chapter, but am not sure what to do about it. I read and re-read it, restructured twice, then tried the Oscar Wilde method... adding, reading, then removing a single comma. Didn't help. We'll see. I am sure that Tom can help me see the light of day on this one.
Tonight, after running off with Marcia to a meeting, I am going to start ripping into Chapter 7, Kernel Management. I think building a 2.4test6 kernel is a good exercise, don't you? Now must run. Have a fun day, and I'll probably rejoin you later with a little mail, and who knows what other blitherings.
17:00 - Just 10 short hours later... we lost our Director of Sales, well, we didn't lose him, but Bill and ETS parted ways, last Friday afternoon. Now Jack and Trudy are off for 2.5 weeks, leaving Vanna and I holding the fort (on the management side of things). Just like I needed more to do. Whine, whine, whine. Thanks, I needed that! <g>
There's a new Alertbox up from Jakob Nielsen, this one on Mailing List Usability. Interesting as usual from Jakob. I sure am glad he has time to think about this stuff, and tell us. I usually learn lots. This one is no exception. If you haven't, then read it.
I read the letter to the editor section at Byte today... John Clemens, poor guy, had an absolutely horrid experience trying to Linux loaded on an older machine. He ran into problems I've never even heard of. And he started with Debian (and doesn't specify the release, so I will presume 2.1, since 2.2 was only released last week). Debian has generally not been known for it's ease of use / human factors aspect. I understand how he feels, everytime I have to reinstall Windows or Linux, because of something broken, because I didn't know enough, or something. This happens to me in every system, at one time or another. I do like the bit at the end, where he implies that he actually BOUGHT paper tape basic... {grin}. You don't suppose he's related to Bill G., do ya? One of these days I am going to have to dig up this well-documented floppy writing/reading problem. Hmmm.
Lots to do, little time, so I will be on my merry way. Take care, y'all, I'll see you tomorrow.
Top (& search) /
Index & Links /
Orb Home
/ Email Bilbrey
Danger, Will Robinson. There's a new Netscape bug about... Here's the skinny: There's a bug in the Java implementation of every version of Netscape, 4.74 and before, that can allow a "hostile" webpage to turn your Netscape client into a "server" for any files readable for the current user. Here's the SecurityFocus page on the topic - Microsoft and Linux versions are vulnerable. The solution is to upgrade to 4.75 or/and shut off Java altogether. Sigh.
Good Morning. Lot's to do today. Much as I'd like to start on a new project or two, I think I'll finish some old ones, first. Burn a CD-R of pictures for the ETS distributor in NZ, then get back on the DataSheet warpath. We have data sheets on almost every product, but only about half are converted to PDF and available online. What's after that? I'm not sure, but that could occupy me for a week or more, depending on how exacting I am about updating the data on the old datasheets, in the process of conversion. Perhaps simply getting them out in a first edition, then upgrading in batches, as Jack and I have time to go through would be a good thing...
Last night, Marcia and I were out for much of the evening, so I never got around to starting on the Kernel chapter. That's tonight, in concert with laundry. I had best head out now, so that I can bail early this afternoon, get the work done, and get to work. Later, all.
20:27 - Good evening. Busy, busy with playing with kernels. Oddly, I am writing this
on an X-Session forwarded over SSH to Gryphon the Acer Travelmate, while in an SSH terminal
session from Grinch (in Win2K mode) I am running a kernel compile, also here on Gryphon. Why?
Because I can cut text out of the terminal session in Windows and paste directly into the Chapter,
whereas I can't open this editing tool under Windows. See? The kernel compile was over in minutes,
what's taking time is the make modules step, because I simply did a make oldconfig from the stock
kernel, which has every module on Earth enabled. It is, however, the fast and dirty route to an
updated Linux kernel. Anyway. I did break away a little while ago for a bit of a jog, and a following
shower. Now, far too late for my taste, it's supper time. I almost broke down and just ate ice cream,
but you know how it is. A little guilt goes a long way. Ah, modules still making, but my pork chops
are thawed, so it's time to cook. Have a good'un. Mañana!
Top (& search) /
Index & Links /
Orb Home
/ Email Bilbrey
Howdy. Late, short secondary post yesterday evening, on-time, short post this morning. I am tired. I built 77 thousand kernels last night (OK, perhaps I exaggerate a tad) - overall things are going well on that front. The trick, as usual, is to make the information accessible without dumbing it down at all. Occasionally I simply want to write, "... and just do it this way. Never you mind why, just do as I say." Not a good pitch, though tempting at times. Heh.
The Jargon File has been updated - always nice to stroll through somebody else's odd mind for a while. Oh, yeaaaah, something I forgot to mention, the pneumatic gaming chair. It's not pretty, but it's fairly ergonomic, and it is coooooool! Oh, right, and they aren't available yet... but in the Loki booth at LWCE (LinuxWorld, last week) was an active gaming chair, with built-in wrap-around dolby sound, control stick and foot pedals, hooded monitor, etc. I want one. (OK, not really *want*, but it sure would be fun to have).
No ice cream at all last night, even though I could hear it calling me through the freezer door. Hmmm. Now off to work with me - I'll be back later today.
18:44 - Hello. Back again. Not much to say - Marcia may have a small secondary infection, and the dentist gave her a scrip for penicillin - should knock any potential buggies right down.
Meantime, I am running more kernel configs. I know, it may seem pointless at times, but I am logging each run to a script file so that I can refer back to it at a later date, or edit and expurgate it for inclusion in the Kernel Mangement chapter.
I haven't taken the time to play with visually or otherwise interesting tools in the last few days, and as Tom and I round the back corner and gallop into the finish of this book, there'll be less and less time. Whew. This is alternately an exhilerating and exasperating experience. Tom keeps telling me, "I told you so!" Anyway. Progress is being made, and I am learning lots in the process of piecing together and passing on what I learn - it's a never ending cycle. I did pause for an hour on Sunday last to play a little Diablo I, since it was on the dump tray at Costco for 7 bucks. Such a deal. Ah. This make modules run is over, so I am on to the next test. See ya!
Top (& search) /
Index & Links /
Orb Home
/ Email Bilbrey
Well, good morning. Everyone on the phone yesterday was commenting that it was hump day. This is a ficticious day in the middle of the working week, whatever that is. My 'weekends' sure don't look like Ward Cleaver's did on TV. But then again, I'm rather like Sting - I really enjoy what I'm doing, I'd do it for free really, except they pay me millions of dollars (Ok, I'm not like that last bit, unfortunately). But I do get a great deal of pleasure out of playing with these tech toys and writing about it, one way or another. I did have a rather amusing thought this morning as I awoke: What *AM* I doing writing about how to do stuff... I *never* read the instructions (not entirely true, but it's a reputation I must maintain). Hmmm.
Hah. Got a nice trail on an scan attack on Grendel from a machine out of the static IP group that PBI runs. I need to package this stuff up and send it off to [email protected] later today. Total of 21 ports scanned, none pertinent to anything I know of... all looking like this: Time for another Hall of Shame report, I think. (I send those to the administrators of every violating network I can identify).
/var/log/messages:Aug 20 20:24:14 grendel portsentry[613]: attackalert: SYN/Normal scan from host: adsl-216-102-90-214.dsl.snfc21.pacbell.net/216.102.90.214 to TCP port: 713
Ah, right, later today - a follow-up dentist appointment for me, and then going with Marcia to her appointment, so's I'd better hit the road, Jack. Have a lovely day and I'll be back with y'all laaater.
19:00 - Alert Update... First, Jerry has posted (courtesy of Mr. Dobbins), a notice of a submisstion by Bruce Schneier (CounterPane Security, Applied Cryptography) on Slashdot, about a vulnerability in PGP. There is also a link to the Key-Experiments that were done to demonstrate the vulnerability - all this crap is (allegedly) due to the requirements of Key Escrow, as promulgated by the various and sundry governments of this lovely planet. Bruce does say that v.5 and v.6 of PGP is afflicted by this. I honestly do not know if GPG is also affected by this - I will be looking into that shortly. I see in the Key-Experiment (ref above, search on GPG) that you can determine whether or not there's a rider signature in a key with GPG, so perhaps... Nope. GPG is also vulnerable to this. According to the Key-Experiment page (and implicitly, rather than explicitly) agreed to by Bruce Schneier, is that the only safe version of PGP out right now is PGP-Classic (2.6). It is available from www.pgpi.org, although they appear to be getting swamped at the moment. If anyone has 2.6i sources available, please mail me the tarfile (NOT NEEDED NOW, THANKS) , and I will make it available here. I might yet get though, while I babble on, here. Oh, right. My most recent key, which was up under the link at the top of each Graffiti week page, is now gone. I am going to generate a revocation of that key shortly, and gen a new 2.6i key as soon as I can. Stay tuned to this station.
Alert Part Deux - I hear there's a new Outlook worm about. Let's see what Symantec has to say... Nada. How's about NAI... Nothing, no AVERT updates at all... There's this Pokemon virus thingy over at CNNtech, and The Register concurs, which prompts me to head back over to Symantec and look for Pokemon. Aha, gotcha. A "minimal" threat, all across the board, as seen on the W32.Pokey.Worm page at Symantec. Protection provided by AV updates since late June.
OK. PGP 2.6.3i update. Here's the tar file of the source (pgp263is.tar.gz), and here's the md5sum I just calculated for it. These are only legal for use internationally, because of the RSA patent which remains in effect through the 20th of next month. The US and Canada version is 2.6.2, available from MIT, which it would appear is behind such protection as I ought not mirror the sources, but the requirements to pass those gates are not onerous. However, I was just unsuccessful in building PGP 2.6.2, ran into compile errors during the make. Sigh. I am out of time. We'll try again over the weekend. In the interim, if you have any keys for bilbrey on your PGP or GPG rings, please delete them. Now I must have supper, then get to work on the kernel chapter again. TTFN.
Top (& search) /
Index & Links /
Orb Home
/ Email Bilbrey
Good morning. To start with, I made no further progress on the PGP front, following last night's researches and abortive compile attempt. My life is not *yet* dependent on reliable encryption, but it's likely to be so, and I want to know that I am working with a secure key format, which the v.4 keys are not, because, as noted, they can be nearly invisibly signed by a (or many) third parties, and the regular PGP software detects it not at all. GPG can be used to determine whether there are varmints on your key. See, read and understand the paper called Key-Experiments. I repeat this link, as I think that knowing about this sort of stuff is important in the connected age we live in.
> the only safe version of PGP out right now is PGP-Classic (2.6).
Hah. And people say I'm paranoid. See the very paragraphs of:
http://www.ttgnet.com/rbt/daynotes/2000/20000717.html
Actually, I don't trust compiled versions of 2.6 either. Remember back when the US government
was at the point of arresting Phil Zimmerman? There was quite a bit of nastiness from the
government. Then, a new version of PGP (2.6?) was released, and all of a sudden the government
backed off. I suspected at that point that the new version had a back door built in. Although it
would obviously be difficult, probably impossible, to conceal a backdoor from those with access to
source code, I always suspected that the compiled x86 version, which probably the vast majority
of PGP users are using, had such a backdoor.
--
Robert Bruce Thompson
[email protected]
http://www.ttgnet.com
Just because you're paranoid doesn't mean they aren't watching! I am probably going to go with 2.6.3i from source once the RSA patent expires next month, just from general principles.
We (Tom and I) got a reference into MacMillan from our friend Stephanie yesterday afternoon. Tom lobbed the ball decisively and firmly into my side of the court, and I put my hat by the side of the ring, indicating I'd be willing to talk. This was about mid-afternoon. By about 7 in the evening, I began an email exchange with a MacMillan AE - his last message was at about 11:40 his (east coast) time. Whew. We shall see what comes of this.
Now I must run. Have a great day, catch you later.
18:08 - Hello. The 'net seems to have a case of the slows at the moment, though maybe it's just the local link to the CO, since the DSL modem de-sync'd and re-sync'd itself as I watched. Hmmm. Can't get to Slashdot, though, and I want to see if any action on the PGP ADK foop had to do with GPG updating. A good question just now from Dan Seto...
From: "Dan Seto" <[email protected]> To: [email protected] Subject: PGP Date: Fri, 25 Aug 2000 11:25:04 -1000 Brian, I'm not the expert on security so I'm asking you these questions. Please = note I am asking simply because I don't know the answers. I don't have = any bones to pick regarding PGP (even though I also use digital = certificates, which I wrongly thought would replace PGP).=20 So, I'm perfectly willing and able to change back to PGP 2.6.2 for DOS. = But before I do that, does using 6.5.7 (the patched version to fix the = ADK vulnerability) in fact solve the ADK problem? If it does, should we still move back to 2.6.2 for other reasons = (knowing that there are possible key incompatibilities with later = versions of PGP)? Just asking. And with no intent to start any angels to dancing on the = heads of pinsAloha - Dan
Hmmm. Good question. I followed all those links, and read all I could yesterday, because I didn't get enough information out of Bruce's post on Slashdot. Point in fact is that 6.5.7, which is indeed out now (though it wasn't yesterday) is (1) a rush release, and not necessarily reliable, as such; (2) still capable of accepting ADKs (that is, escrow signatures, as I understand the topic), just not *unauthorized* ADK's. I am not at all clear on the fundamental goodness of the ADK concept at all, either. So now what? I don't honestly know the answer to that question. I certainly am not installing and running binary only executable releases for such software, at all. If GPG puts out a fix, and it meets with approval for a few months, then I might could swap over to that. Additionally, I could install PGP w/v.4 keys, in order to do verification of packages (on one machine, anyway), but once the 20th of september passes, I will only be signing, encrypting and decrypting with 2.6.3i, which is tried, tested and so far as is known at this time, not vulnerable to anything except operator stupidity. Additionally, it is not subject to creeping feature-itis. These opinions are my own, and might be wrong. That's my prerogative.
And now for something completely different ... In my copious spare time I've been reading Against The Gods: The Remarkable Story of Risk. It has a historical fiction sort of dust jacket art, but is very non-fiction, with quite a bit of probablility and other thick bits in it. It reads rather like James Burke covering how AmenRa inventing a few piddly gambling games leads straight to the modern options trader. I am not doing this justice, really, but what can one say about risk management - there's probability, there's statistics, there's actual and perceived value, and on and on. The author, Peter Bernstein, does a good job with this topic: t's really quite a bit more interesting than I expected. I don't, however, anticipate a riveting end, nor a cliff-hanger. Now I am off for Chinese take-out, then back to the book. Later, all.
Unexpectedly back. No problem, just another Linux rant - Linux Thoughts, Round 2.
I am prompted by recent readings to clarify some more of my thinking on Linux, Open Source and related topics. I thank you for your patience in providing me with this soapbox, and being a sounding board. I don't intend to offend anyone, but almost always, there is someone or some group who *will* find an opinion offensive. So be it. I am responding to such statements as these (thanks, JHR): > Most Linux companies do not make money selling software, but rely > solely on selling technical services such as consulting, > installing and maintaining the programs. > > This tends to preclude and obviate improvements in Linux > usability; OS, apps, all of it, since any improvement to Linux's > usability would be extremely counterproductive to a business plan > that depends on the sales of support services. and > And this sums up one of the major problems [with Linux?] that we > as users face today -- the confusion of technology with religion. > Technology has no moral aspects, any more than any other more > concrete tool. The former statement seems more like glib FUD, since I have seen no facts to back those statements, only to refute them [1].However, that last statement prompted me to a glib response of my own: > Two words: Manhattan Project. But then I started thinking a little more extensively. My first impression is that huge, heaping hunks of the coders who actually do work on Open Source software would perhaps like all this commercial and media attention to dump itself in the nearest cesspit. I have this picture in my mind of events of the last 4 years - take a walk through this maybe real, maybe alternate, reality with me. *** 1996: Linux has been around for about 5 years. It is the project, the tech toy of the geeks of the world. It ain't for Aunt Millie, but then it wasn't designed for her - it was the sideline research project of a really bright, unassuming Finnish college student. It grew topsy, and took on a life of it's own, but it's ours, dammit, and we are going to license this stuff in such a way that they (the mysterious they) can't take it away from us. Geeks being who they are, love to incorporate their toys into their work - in fact the toys *are* their work, the other stuff is done to pay for pizza, Jolt [tm] and electricity to run the toys. Now here's the kicker, this "toy" Operating System, freely licensed - meaning I can run it at home, at work, give it to my buddies, whatever - is better at doing some tasks than the OS the bean counters made us buy. Feh. Let's put Linux in instead. As long as it doesn't crash as often as [insert favorite heinous OS here], they'll never know the difference. And Linux began creeping in the back door at a lot of corporations, large and small. 1997: What began as a trickle became a flood. If I run Linux as my webserver, my DNS box, my mailserver, then I don't get paged at 3AM. Didn't take Neandertals bangin' the rocks together to figure out that math. The word spread along the geek underground (primarily email and the Usenet), and Linux flooded into the dark corners, the unobtrusive backwaters of corporate IT departments everywhere. It ran on the same hardware as the other OS, so who's to know, except the geeks... 1998: The word creeps up anyway, and IT Management is forced to take notice. Hmmm. A bit of a thick challenge here. Our bright boys and girls have found a solution. It works. It works better. But (and this is a big but), we didn't approve it. No one supports it except our bright boys and girls. If they go away, then who will keep our systems running. We can't get an MSCE to work on this stuff... [Be quiet in the Peanut Gallery, yeah, we heard you... Must Consult Someone Experienced... heh.] Thus arose a business opportunity. There is a large corporate need for Linux support, service, BRANDS! Something the IT Directors and Bean Counters can take to the Board and to the Shareholders, point and say, "We have done due diligence, there is [insert favorite Linux company name here] to provide us with support." This massive business opportunity coincided with a vast pool of liquid wealth called the Internet Bubble. When opportunity and wealth meet, new businesses pop up like weeds in the early spring. These businesses, however, have a peculiar challenge. Their prime commodity is something FREE, licensed to be free as in Free Speech. Tricky. VenCap firms waving wads of cash convince a goodly number of outstanding people that "Tricky" can be negotiated. It can, almost certainly. By whom, or how is up in the air at this time. The bubble deflated just a hair, and some of the spring weeds are drying out in preparation for the summer conflagration. Many of the companies will fail, but a few will do very well indeed, because, STILL, the Directors need to be able to say, "What we do, our business practices and tools, are supported by legitimate on-going enterprises." 1999-2000: As a beneficial sidebar, many of the geeks who played with Linux in their spare time, and snuck it in the side door of the corporations, got hired by these new "Open Source" companies. Some intriguing ethical dilemmas here, since the geeks now work for companies that are trying desperately to make money of the beloved FREE OS. On the gripping hand, these companies are actually paying the devout, the Linuxen, to play with their toys, to develop cool code and gain incredible hit and experience points in the Open Source game. Something will come of this. Some people will make money at it. Many will lose first money, then their companies - the latter day equivalent of coming home carrying your shield ... or on it! *** That's how I see the adoption of Linux, and the growth of the Open Source industry. An initial furtive infiltration, followed by explosive growth fueled by real benefits that Linux boxes can bring to an organization. (I overheard Jeremy Allison refer to the Linux revolution inside SGI as comparable to the explosion of the Ebola virus within the human body ... a perhaps over-vivid analogy) There is invective and hyperbole being slung about on all sides of this debate. There are the Old Line corporations (and the New Age Corporations), both of whom need support for their Linux boxes. There are the hot... (well, lukehot) companies vying to be the provider of those services. And there are the geeks, who are pleased that the "Toy" has grown up and become "of use", which is an important transition. Additionally, there is resentment that people are abusing the ... let's not say dogma or theology, though casting an argument in religious terms is as old as mankind ... let's say, mindset of Open Source, of sharing and openness that built the foundation that is underneath all of this. Sure there are strong feelings. Enjoy them. Remember, I choose to view Linux adoption in the manner of equally push and pull. It is growing in ease of use by leaps and bounds, and that isn't good enough for some people. Oops, too bad. Sorry. I manage to use Linux everyday to get parts of my job done. Not all of it, but I am continually evaluating new options that will allow me to use Linux for all my day's work - it's much closer than a year ago. Now I have to get to work ... writing about Linux. Heh. [1] Almost all of the improvements in installers has come about as the result of direct Linux company sponsorship. The server market is only so interesting, only so big. There is a huge incentive to work really hard at making the desktop work - if the desktop works - FREE - then applications and services for those applications can begin to make sense. Besides, a company that goes too close to that edge is going to get bitten hard by the geek community. Period.
First order of business - got this in the mail last night...