March 30, 2008
Last entry for March - I seem to be keeping up with the posts. Not so many personal entries this month, it'- been a tougher one for me and I didn't want to burden anyone.
The web site seems to be picking up. I've had about 500 unique visitors generating 5000 hits. This is up from 380 visitars and 4200 hits last month. Most people are after the blog, and the post-install notes from the HBCLUG site.
Visitors are also staying longer, (a few for over an hour: I figure they parked the browser and went for coffee) and they come mostly from NZ and the USA.
The homepage manages to top the google searches for my name, above a certain pop duo. Googling linux NZ dosn't place me (yet) but I did pick up a snippit of news, see below.
I've mostly spent the weekend recovering from IT-immersion, time with family, nice meals. It was Beef Stroganoff an Saturday, and my mother's place for a roast-chicken lunch today. A bit of retro time watching Magnum FI and all that 80s goodness.
Movies:
Mistress of the Spices - good date movie about Indian spice-magic in San Francisco (USA). Manages to be quite charming and light, not the sexy/steamy flick suggested by the cover.
Bandidas - silly pulp-western, lots of cleavage. Penelopy Gruz and Salma Hayek... nuff said. Give me Milla any day.
Not my usual style but these are good date movies that a guy can watch without throwing up.
News: NZX (Stock Exchange) is upgrading to GNU/Linux - way to go guys. [computerworld]
Overall this month is memorable for being hot and sticky, late nights with my course, and the demise of Arthur C. Clark. Probably the least accurate profit of science fiction.
Next post will be April 1st :) in the evening (NZDT). At which point, this month will be archived with the rest. Cheers.
March 28, 2008
Anybody reading the last post may think I have it in for Windows Vista. They'd be right, but that's not the point of the post.
The attitude which comes across in the Vista blog is that the update behavior should be expected and the complaints are silly. Microsoft customers need to realise that there are other ways of doing things, and they can expect (and should demand) better treatment. Microsoft developers have access to all the tools they need to impliment an APT-like update manager for Windows, (APT is Open Source after all) they just haven't. Customers should demand answers: "Why not?"
Meanwhile, the last lesson of term one has finished. I am going to call this a success. Term two will kick off with another seminar, like before. There were nine people at the seminar, five booked the course, but one dropped out when he found it involved reading.
There is some demand for an extension course, possibly covering OpenOffice.org skills. Suggestions are welcome.
Note: LOTD has changed - enjoy.
March 26, 2008
Vista SP1 is released for general use - MS Thralls can use Windows Update to get their very own
malware copy.
But, not everybody. According to the Vista Blog there are very good
reasons that SP1 may not be offered to you.
I was struck by the comparative openness of the same (update) process in GNU/Linux. I figured I'd do a point-by-point comparison. First, the Vista excuses:
- You have not yet installed all the prerequisite packages you need for Windows Vista SP1. To install them, visit the Windows Update control panel and click on "check for updates."
- You have a pre-release version of SP1 and need to uninstall it before installing SP1
- You already have it. To determine if you already have SP1 installed, Open the Start Menu, right click on Computer and left click on Properties.
- We released SP1 in these 5 languages: English, French, Spanish, German, and Japanese. If you have any other language installed, SP1 will not yet be offered to you. (You might not even know if you have an additional language installed -- check the Regional and Language Options control panel to see which languages you have installed.)
- Back in February we announced that we'd be using Windows Update to help make the update as seamless as possible for our users. Windows Update will detect drivers that we know may be problematic when updating to SP1 and will not offer the service pack until an update has been installed.
Many GNU/Linux distributions have managed updates too. However, there are striking differences in implimentation. For example: we don't do service packs
, instead, when a particular update is done, it is made available immediately. And, updates are not automatically installed, by default, or even downloaded.
As for the rest, this comparison is with the popular APT package manager available in Debian-based distributions.
- If you have not yet installed all the prerequisite packages, APT presents you with a list of those packages you need to install, and asks if you still want to update. Vista is not telling you which updates are needed - you must install them all wether you need them or not.
- When there is a fatal conflict with an already installed package, you will be told exactly which package conflicts and why. You don't have to guess.
- If you already have a package, APT simply tells you that the package you have is already the latest version and does nothing. Again, no guesswork involved.
- Many Distributions install a few hundred languages by default. Updates are always configured to handle this. If you are in a position to install updates (you are the superuser) then you will always be told if you have additional languages installed. (Of course, you may forget...)
- APT will check to see that the update is compatible with all your installed drivers. Free/Open Source drivers are updated during the testing process, and the updates are installed alongside the requested package - if you approve. Proprietary drivers are more of a problem, and issues with them may not appear until after the update release, and they won't prevent you from installing the update. When discovered, the maintainer is notified and you are pretty much dependant on their timetable for a fix. Even so, you will be able to return to an earlier, working, configuration - or install the update and enjoy increased freedom at the cost of reduced functionality. (Until the proprietary maintainer catches up.)
So: if you are a Vista user, the grass must be starting to look pretty green over here about now. Good luck.
March 25, 2008
Just returned from two nights on Waiheke Island, visiting all Corwin's old stomping grounds. The weather was gorgeous for our bitter sweet trip though memories beaches and playgrounds. Cathy had a symbolic swing at each.
Waiheke has become much more expensive - even acounting for the 15% surcharge on everything, it being Easter. For example, a breakfast out by Onetangi beach (2x Bagels, 2x coffee, 1x cake) was $32.00 ... much better value is to buy a picnic from the supermarket and sit under the pohutukawas by the beach.
The hole in the Rock vinyard made a welcome stop. Unfortunately all the "cold" drinks were warm. I'd have liked to be warned. And nobody knew who was supposed to be surving what, where, when. Still, walked off with a bottle of "sisters"... which I'll be trying tonight.
To dine without feeling ripped off, you need to head to the middle of the island - where the locals shop. The chinese takeout an Ostend never dissappoints and Molly Malone's Irish Pub + Restaurant (Surfdale) does a mean steak and guinness pie.
In general, it felt crowded: Waiheke is not a good place to go on holiday, during the holidays.
March 20, 2008
OSC Lesson three tonight. I'll be covering file formats and security. Lesson notes have been uploaded to the HBCLUG site - grab-em.
I've had an idea (hold the groans). How about, introducing a pay-rise for public servants and polititians keyed the their departments savings in license fees as a result of implimenting open standards? No more foot-dragging!
Meanwhile: an achingly sunny day. I must have a swim.
On a whimsical note:
The Windows Crash
(Sung to the tune of "The Monster Mash")
I was working hard, late one night
When my computer gave me such a fright
I had just hit "save" and I started to rise
When, suddenly, to my surprise
(It did the crash)
The Windows Crash
(It did the crash)
My data's all gone in a flash
(It did the crash)
It was a desktop smash
(It did the crash)
The Windows crash
(Waa--woo)
While three fingers, danced on the keyboard, clack
The door flew open with a resounding "thwac"
Steve Jobs rushed in and, in a fury, said
"This would never have happened if you'd used a Mac"
(It did the crash)
The Windows Crash
(It did the crash)
My data's gone in a flash
(It did the crash)
It was a desktop smash
(It did the crash)
The Windows crash
(Waa--woo)
Now I use Linux by you-know-who
To the sweet sound of Gates going boo hoo hoo
And when others wonder why I did it then
I tell them all about the night when
(It did the crash)
The Windows Crash
(It did the crash)
My data's all gone in a flash
(It did the crash)
It was a desktop smash
(It did the crash)
The Windows crash
(Waa--woo)
Oh look, multiple desktops
(Waa-woo)
All the tools I need out of the box
(Wa-wa--wa-wooo)
I feel so freeeee!
(Wa-wa--wa-wooo)
Oh Bill, stop crying...
March 19, 2008
And that was St Patrics day folks. All gone, with my Guinness supply (hic).
Folks in Wellington and environs, with old hardware cluttering up the place, take notice. "Oblong", a non-profit internet cafe, wants it. They don't have a web-page... odd... but they live at Left Bank, Cuba St, Wellington
Here's the message:
Oblong, a collectivised, anti-profit net cafe in Wellington has gear
that's gettin' old! And being that we have very little funds, I'm
putting a call out for your spare gear, because I know you've got a
pile, and probably a couple under your desk at the office too ;)
Below is the Kaupapa/Statement of intent for the space so that you get
an idea of what we're about. The space also hosts the Anarchist
bookshop 'The Freedom Shop', as well as donating any excess funds to
local groups andcampaigns (such as indymedia, Wtgn community resources
group, Save Happy Valley, The Magnetic Fridge Diary, etc etc).
Most of our pc's are running Ubuntu, and we're good supporters of free
software. We were hosting regular 'Linux Play' days, but recently
this hasn't been happening, these will hopefully start back up soon.
We're in need of any pc's of a decent spec really, it depends what
you've got, but we don't have the resources to play with lots of old
tech. Also, decent monitors of 17" or greater would be nice. If you
have something you think _may_ be useful, just email me with what
you've got and I'll see if we can use it. I can come pick up also.
Any help and support would be hugely appreciated.
Thanks!
Daniel
032608
Oblong Kaupapa
Oblong is an anti-profit, collectively run affordable Internet cafe,
information sharing, exhibition and workshop space.
We are entirely volunteer run and collectively owned and operated.
Everyone who contributes to Oblong has an equal voice in deciding how
the place is run.
We aim to provide a safe, welcoming and friendly space for everyone,
free from all forms of oppression and abuse.
Oblong volunteers offer free one-on-one assistance when possible for
those who are not familiar with computers and the Internet. We also
offer workshops on topics such as Indymedia, Linux and self-publishing.
We encourage the use of open-source software and operating systems.
Last day for the OOXML Petition has past. The site is still in the LOTD - I'll change it next post.
You know - it occurred to me that there is always a hidden cost with the economic one, and they are difficult to extricate. In software for example, the proprietary world charges you money, but also expects you to give up some freedoms. Particularly, there is the freedom to know how your system works. The Free software world also has a freedom tax - you give up your freedom to be ignorant.
There's an article in that for someone - maybe I'll beat you to it.
March 15, 2008
Rant: Is it just me or does IE suck more than ever?
People viewing this page in IE (any version) will notice that the menus arn't quite right. If you've been using IE6 under XP, chances are the layout dosn't work after sp3 gets applied. This is nuts: how is anyone supposed to keep up? No wonter the xhtml 1.0 sites are all so simple!
Particularly vexing is the way the list (no decoration) parsing seems broken.
The list decoration is the bullets or numbers or pictures to the left of the list items. There is a code to set this to "none", in which case, says W3C (and it's their standard) the list should be left-adjusted to the start of the list regeon - i.e. where the decorations normally line up.
Every browser in existance does this... except IE. Why not? What's wrong with these people?
This is important because the hbclinux style menus are actually formatted lists. This is useful, all I need to do is write a list of things to go in the menu and the css builds the actual menu for me. In html, I'd have to describe each menu item individually, which gets to be a drag.
IE's habit of over-indenting undecorated lists means that the menus don't fit in the available space... so either the left menu items end up behind the main content area, or the right menu ends up under everything else.
We have international standards so this sort of thing won't happen. The only explanation for IEs non-conforming is that MS doesn't want it to. And why wouldn't they want it to? So everyone has to write web pages for the number-1 browser out there, and none of the others will work. That's why.
Seriously: don't use IE.
Meanwile: More movies today...
-
The Hogfather: A two-part adaptation, for TV, of Terry Pratchetts book, done as a pantomime. Dockery totally nailed the role of Susan Sto-Helit (Death's Granddaughter) and the Oh-God of Hangovers was ... easy to identify with. TP purists won't like it, but I thought it was impressive. Also an unusually incisive dissection of the values we associate with xmas.
-
Next: Nicolas Cage plays a guy who can scan up to two minutes into the future. There are inconsistencies in the portrayal of his abilities and some of the consequences. And we can ignore the Philip K Dick reference.
Still enjoyable - I was wondering all through the film why it is important that our hero can scan much further ahead when it ivolves his love interest... and that bit is revealed at the end.
St Patricks day Monday - I have Guinness ready. Don't expect an entry then :)
March 12, 2008
Researching Full Disk Encryption (FDE), with an eye to GNU/Linux.
This whole area of security is fascinating. Personally, I never keep anything on my laptops that I cannot afford to lose. Personal data goes on my keydrive - which gets encrypted alright. But the trouble with FDE on the system drive is that the system files need to be in the clear in order to boot the computer. In windows, that's the C:\windows\system32 folder. In GNU/Linux that's /boot.
There are a large number of disk-encryption products which claim FDE. TrueCrypt5 for eg, PGP-Disk, DiskCrypt, and so on. What happens is, you install, and next time you boot you get a DOS-like screen asking for your password. Get it right and your computer boots normally.
The idea is that this protects your personal data when you lose, say, your laptop. You want to encrypt the whole disk because you don't know where the OS is going te write your personal stuff, just temporary like.
However, I have been unable to find any application that actually encrypts the entire drive. What they do is create an encrypted container for the C:\ drive (or what you specify) and put the application files outside this. The bootloader is configured to load the application - which authenticates you, and passes control to the OS. Which means that there are unencrypted system files on your computer, they are just not the ones that came with your OS.
In GNU/Linux, the encryption application is the installed kernel. That is to say, encrption is built in. This is why you cannot encrypt the /boot directory. Which is not a problem, because linux never (routinely) writes any data there, certainly not anything personal. Never.
Unlike, certain proprietary OSs which can write to any part of the drive whatever it chooses, GNU/Linux is restricted by an elaborate permissions + contexts scheme. This action is simply verboten. So there is no way compromising information gets there short of you saying:
sudo cp ~/secret/compromising.pron /boot/
Notice you have to be root - entering a password? I doubt this could happen without you noticing.
In Linux, FDE is security theatre!
To protect a linux box, all you really need to encrypt is /home (where your personal data lives) and swap (where temporary data gets written). So what you do is you put /home on it's own partition - like having a seperate drive for your personal files - then it's easy.
If you are paranoid or lazy (or both) you can put /boot on it's own partition, then encrypt everything else. If you are really paranoid, you can make the /boot partition live on a removable drive - it needn't be big - a 1GiB keydrive will do. Then - no key, no boot. Nada.
So how come FDE is such a big noise? Easy: Windows. It makes a lot of sence in Windows because your files can end up anywhere on the disk. You need to encrypt the whole space just to be sure.
This leaves the possibility that someone could arrange to insert malicious code in the small unencrypted part of the drive - say: a keylogger. ("How?" you ask? How does any malicious software get on Windows?)
First thing it logs will be your password ... I have not seen anything in the supplied documentation (read: advertising) for any FDE applications which allows their authentication routine to run from an external drive. Maybe some can, they're not advertising this.
Under GNU/Linux, the only way malware gets on the /boot partition is if someone steals your laptop, extracts the HDD, installs it to another computer, mounts the (unencrypted) /boot partition, installs the malware (image the drive while they've got it) save, exit, replace the drive, return the laptop... all before you notice it's gone.
How paranoid are you?
How motivated are your attackers?
This is where the paranoid option comes in - keep the boot partition on a keydrive. Now the theif has to steal your laptop (for the disk image), and that plastic thing on a chain around your kneck (for the boot partition).
Personally, I think anyone that motivated will just put a gun to your head.
That exact scenario produces a policy of "plausible deniability". You are stopped at a checkpoint and the guard wants you to turn the laptop on - "decrypt the files please". In which case, apps like Truecrypt will create a hidden container that holds the real secrets, while you show the guard the false one.
Nice idea. You are hoping the guard won't confiscate the laptop anyway. National security. And you have to realise that the NSA won't allow this stuff out of the country (USA) if it couldn't detect it. It certainly won't stand up to inspection actual with hacking tools. (B'sides, won't the "TrueCrypt" logo popping up at boot tip them off?)
An easier approach is to have the laptop boot to a nice familiar Windows desktop, bunch of documents, some photos, music, normal stuff. Nothing covert. But only when your keydrive is not plugged in. With the drive plugged in, the real OS starts up.
You can do this if you multi-boot. Windows is, therefore, living in seperate partition - it's like using a false bottom on your breifcase, but harder to detect. Vista will dual boot, but not seemlessly like this. It's much easier in GNU/Linux.
While there are parts of the world where these measures may be needed, not in New Zealand. It should be perfectl safe to keep the boot partition on the HDD and put your encryption keys on the keydrive.
If there is interest, I'll write an article about the encryption tools.
March 10, 2008
Here's a must have. The
Linutop computer is a full Ubuntu fat client the size of a paperback. That's smaller than most thin clients. Look how it cleans up your desk. Only 250€ . How cool is that?
I'll wait for the quad-core version :)
Meanwhile:
Stardust - The Princess Bride for the 21st century. Very much worth it. This is the movie I was going to take Cathy to when it came out - but missed it and saw the Golden Compass instead. Definately better.
Day Watch - Long awaited sequal to Night Watch. Even more convoluted that the last one - hard work, and needs a repeat viewing to get it. Not for kids.
There is a
Petition
... which you are urged to review - and sign. It concerns the adoption of Office Open XML as an international standard. The free software communities position is that it should not.
The petition closes on the 18th of March - don't be late.
March 9, 2008
Robert Schumann, at SFD.org, has forwarded the following announcement. It's been shortened for brevity. I'll add this to the HBCLUG Calendar too.
ref.http://documentfreedom.org/News/20080220
Introducing Document Freedom Day
26 March: A global day for document liberation
Sign up your DFD team today!
The Document Freedom Day (DFD) is a global day for Document Liberation with
grassroots action for promotion of Free Document Formats and Open Standards
in general. The DFD was initiated and is supported by a group of
organisations and companies, including, but not limited to, the Free
Software Foundation Europe, ODF Alliance, OpenForum Europe, IBM, Red Hat and
Sun Microsystems, Inc.
On 26 March 2008, the Document Freedom Day will provide a global rallying
point for Document Liberation and Open Standards. It will literally give
teams around the world the chance to "hoist the flag": A "DFD Starter Pack"
containing a flag, t-shirt, leaflets and stickers is in preparation and is
planned to be sent out in the first weeks of March to the first 100 teams
that sign up. Sixteen teams already signed up during the preparation phase
of the DFD prior to this release. Sign your team up now!
[snip]
About Document Freedom Day:
The Document Freedom Day (DFD) is a global day for Document Liberation. It
is a day of grassroots effort around the world to promote and build
awareness for the relevance of Free Document Formats in particular and Open
Standards in general. The DFD is supported by a large group of organisations
and individuals, including, but not limited to Ars Aperta, COSS, Esoma, Free
Software Foundations Europe and Latin America, IBM, NLnet, ODF Alliance,
OpenForum Europe, OSL, iMatix, Red Hat, Sun Microsystems, Inc., The Open
Learning Centre, Opentia, Estandares Abiertos.
The list of DFD supporting groups can be found at
http://documentfreedom.org/Who
The list of DFD teams is available at
http://documentfreedom.org/Category:Teams
Further information:
http://documentfreedom.org
Contact:
mailto:contact@documentfreedom.org
I have no immediate plans to start an HBCLUG team for this. However, it may be worth seeing what is in that DFD pack before making a final decision. Maybe a display at the library?
March 7, 2008
First Nightschool Lesson delivered successfully. Nobody brought computers - but it seems I have only five paid students, so my laptops worked well enough for the night.
The format of providing a bunch of notes and a license to play about seems to be working well. Students seem to be enjoying themselves, though one walked out announcing "I'm not into reading." Or words to that effect. Hopefully he was just tired.
I'm learning a bit too.
Since nobody brought computers, nobody was able to take the notes home. I've fixed that by adding the tutorial notes to the HBCLUG website. Feel free to grab them - the licenses are a bit of a mish-mash as they come from all different places.
March 5, 2008
At last: migration complete. I get to write about things again. I've put a redirect on the old blog page in case I miss something or someone has hard-linked there.
I have been typing out the first three lessons in the course - it comes to about thirty pages. It'll be more when I add the pics. I'll add it and the supporting files to my keydrive in case I need to sneakernet things.
With any luck I'll be able to pursuade the school to supply monitors and HIDs so students don't need to lug their entire rig around. We'll see.
University have not hired me this term... nobody has contacted me, I can only assume that they have a surplus of grad students willing to take up the workload. C'est la vie.
Cathy has become a big 24 fan (Keifer Sutherland et al.) which is speading up my recoding my backups for viewing. Meantime, I've got hold of the Resident Evil Trilogy. Watching those back to back should leave me suitably paranoid. I also picked up Freejack (for Mik Jagger's acting) and Videodrome (David Cronenberg hallucinogenic paranoia + James Woods and Debbie Harry? Nuff said!) so if you see me on the streets twitching slightly - that's normal.
Death to Videodrome! Long live the new flesh!
