random neuron misfires

BBC employees are to be banned from connecting their PDAs to the BBC’s computers unless they run on the Microsoft Windows PocketPC 2002 platform.

“We believe PocketPC includes all functionality and is one the most secure platforms available.“ [my emphasis]

Employees have until summer 2003 to change their PDAs or refrain from porting them to BBC computers.

I hope BBC was paid well by Microsoft to make that public announcement. I haven’t seen any major flaws or breaches where a Palm or Psion handheld PDA was used in some insecure fashion to exploit, steal, or “hack” into any corporate networks… at least none which cannot also be done with a PocketPC.

Microsoft, OTOH, has had at least 3 security advisories per month for the past 4 years, sometimes more.

• Movers arrive tomorrow. Still have to disassemble
  this desk! More packing remains.

• Liquid polyurethane foam isn’t the best way to pack monitors. Time for Plan B.
• Truck must be relocated soon also, or donated.
• pilot-link will have to be released when I’m on the “other side”.
• Am I attending Palmsource in two weeks?
• Cox Cable better live up to their bandwidth promises.
• Server relocation must happen promptly.

Zurk, how noble of you to certify yourself directly as Master, without even a single project under your guidance. Perhaps you might want to take a look at the Certification Overview and think of a value which suits your personal contributions. Your Sourceforge entry doesn’t seem to contain much. Your homepage seems to be down. I did find your ZDoc homepage though. Perhaps you should add your project to the
Advogato project page.

You complain that you lost your certification, and that you can’t post. Perhaps you need to contribute to some community projects or Free Software work. You are judged by your peers here, by your contributions, not by your “friends”.

You aren’t “owed” certifications, you earn them. Just a thought…

Things..

• belated Christmas shopping
• friends from the past
• pilot-link hackery
• packing everything into boxes
• power outages
• voratious hunger
• unstable sleep pattern

SPAM Honeypot

I just looked at the logs from my spam honeypot script running on my box, and there was one spam harvesting engine stuck in it
tonight, and it had already hit it 25,813 times before I finally blocked it with iptables. Each new link it found, it spawned
a new instance of itself and begain spidering the page again. This is purely evil.

At over 200 unique fake email addresses per page, that’s over 5,162,600 fake email addresses that my script successfully populated it’s database with. Too nice.

PG&E

I had my power shut off today at 12:40pm, and I called PG&E to restore it at b>2:30pm, the power flickered on for 1 full second at 3:48pm and was off again.

I called them again at 5:18pm and then again at 6:26pm. They told me power was restored. Uhm, no. They said they would dispatch another truck, but it could take up 8:00pm.

I decided to just fix it myself. I went downstairs into the ahem “locked” Utility room and right next to my meter was a little PG&E post-it that said “Service Restored” and a tech’s name. I opened the little metal flap over the breaker, and it was in the Off position. Gar!

Why do I always have to deal with this ineptitude? Next time they cut my power, I’ll just march back down there, ahem “open” the Utility room, and turn it back on.

Autoconf quote of the day:

“Using autoconf is like playing chess from 20 feet away by flicking a rope to move the pieces…” –mbp

It’s Thu Jan 24 02:17:58 PST 2002 and I’m not even tired yet.

RoUS, VMware is something I know a great deal about, inside and out. I can probably help you.

I’ve gotten many unsupported USB devices working, regularly sync my Palms over USB, Ir, and serial into and out of vmware guest images, and have no problems with NAT or DVD playback.

Hit me up in email and I can help you out. I have some tweaks as well, that you may want to implement, which will speed up the performance of that NT image for you inside the vm.

I have about 12 images I use in vmware on nearly a daily basis (and as I type this, FreeBSD 4.3 is happily compiling gnome inside VMware right now on another window).

I rely on it quite heavily for my cross-platform work, where I need a “soft” box to test in.

Sony Debacle II
Cross-posted from my original Slashdot posting on the same subejct from today

I’ve been hoping they’d learn, but they still do not. I just checked the Sony Palm Developer website, and they have a Windows binary of POSE, the PalmOS Emulator. This binary covers “PEG-T600C/T400/T415” models and another binary on the same site covers “PEG-S and PEG-N Series” models. The source code that they have available only covers “PEG-S and PEG-N Series” models. These are all from November 20th, 2001.

Sony, where is the POSE source code for the “PEG-T600C/T400/T415” series version of POSE? You have
two new models of Clie devices on the horizon, and I’m sure that developers would like to begin supporting them, further increasing your sales margins. You have a Windows binary of POSE available that supports these models, you are legally bound to provide the source code which generated these binaries.

Here’s a quote from your PalmOS® developer page:

The source code will be available with the final version.

Sony, listen closely.. you really need to make yourself aware of the GPL before you blindly violate it like this. If you come back with the excuse that you are “cleaning up the code”, you are still in violation. “Cleaned up” code will produce a different binary. You are bound, by the GPL, with releasing the source code which generates any binary you create and distribute from that source code, Windows, Unix, or Macintosh.

I will be in attendance at Palmsource in a few weeks, and I hope you will be as well, because I intend to fully bring this to the attention of yourself, and everyone else there. I have been quiet about this issue, but believe me, I am not backing down.

I have reluctantly added support to pilot-link for the Sony devices, most of which are randomly designed in nature, so that you can see increased sales due to the non-Windows users purchasing your hardware. How about giving back to the community that has been supporting your bottom line for the last two years, instead of raping and stealing from it?

I see only one way that you can claim that you are allowed to proceed with this violation, and that would be if the original copyright holder of xcopilot relicensed or sold the copyright to that code to Palm and then they in turn relicensed it to you. I do not see that being the case, since all previous versions of POSE that you have made available have been based on publically available GPL versions of the codebase. From your own site:

This is the same software level as Palm OS® Emulator 3.0a8 (PEG-S and PEG-N Series) and Palm OS® Emulator 3.2 (PEG-T415), distributed by Palm,Inc.

I anxiously await your public response to this matter.

More news about my friend Rex who was shot and murdered in front of his store. It seems as though the accused wanted to be friends with Rex, and not just a “customer”, and was upset because Rex was treating him like any other customer.

“Mrs. Adamson stated that she knew her husband didn’t like the storeowner Rex for no particular reason other than William wanted to be friends with him and Rex treated William just like any other customer and that Rex thought that he was better than everyone else,” the affidavit said.

Some people really lead sad, sad lives. I’m sorry you had to be the target of someone else’s weakness, Rex.

slef: Don’t feel so bad. I nurtured that network long before it was usurped by lilo. Back when it was still called “Linpeople” (faces of the original crew) many years ago. I moved #palmchat from Dalnet to OPN (and lilo decided to bend under the whining pressure of the founder of the Dalnet channel and removed my founder status and gave it to the other person).

I moved #ipaq and #handhelds.org over to OPN from gimp.org (well, it was a collective decision, I jumped and founded them to secure the channels, and then handed the foundership over to a7r and nikos).

What did I get for my troubles? lilo decided to g-line me from the entire network (there was also a situation where I was banned from #linpeople there, because I was in a heated discussion involving Windows vs. Linux with another person there. It was “decided” to ban me, because out of the two arguing parties, one of them had lilo on /ignore (me), so I was banned).

Too bad I’ve been there long enough I have enough ways in and out without having to make myself visible. Some day I’ll post the logs of his little private conversations with me that led up to the g-line. Maybe some day that network will grow up, but right now, it’s all posturing and positioning with ignorant non-community people in control.

As you said, there are dozens of other networks to participate in, and they’ve been around longer, are more stable, and much more friendly. I’m doing what I can to nurture those networks now. I’ve outgrown the small, constrictive box called OpenProjects. Other networks are benefiting from my skills and input now, there’s no need to go back to kindergarten.

I don’t normally cross-post stuff like this in my diary, but I got to reading all of the background on the whole Napster thing and the new .NAP file format. I’m disgusted that it’s come to this. This is going to solve nothing. The RIAA missed the boat on the Internet as the next distribution medium for their labels, and once again, the cost of that is pushed back on the consumer.

After further reading, I found this article, from Courtney Love (don’t skip it because it’s Courtney Love, trust me, read it). It’s worth a read. Its really well put together, and covers a lot of issues I never even realized about “Sharecropping”, and how bands are raped by their label. Bands now have to file for bankruptcy just to get out of their agreements, so they can pay rent!. The RIAA is trying to regulate this, so that it’s harder for bands to declare bankruptcy. Uhm, excuse me?

“It’s piracy when the RIAA lobbies to change the bankruptcy law to make it more difficult for musicians to declare bankruptcy. Some musicians have declared bankruptcy to free themselves from truly evil contracts. TLC declared bankruptcy after they received less than 2 percent of the $175 million earned by their CD sales. That was about 40 times less than the profit that was divided among their management, production and record companies.”

“Toni Braxton also declared bankruptcy in 1998. She sold $188 million worth of CDs, but she was broke because of a terrible recording contract that paid her less than 35 cents per album. Bankruptcy can be an artist’s only defense against a truly horrible deal and the RIAA wants to take it away.”

You can read all the gory details here.

I’m pissed because my radio got stolen from my locked Jeep back in March, and the only way I can listen to music right now is on my computer(s). I rip every cd I buy to ogg and some mp3s. I do not share them with anyone other than myself and my
girlfriend. There are independant labels that I do distribute mp3s of, but I have full consent of those bands themselves, and I do not listen to the raw cd’s themselves because it’s very inconvenient to do so.

All of this CPRM, RIAA, etc. madness is leveraged to take that away from me. How much longer before we’re told what data we can and cannot make, and what medium we can store it on. Maybe I should listen to ‘strings /dev/urandom > /dev/dsp‘ more. Oh wait, now that’s bypassing copyright controls, so I’m in violation of the DMCA.

…back into the cave I go. Much more work before the 0.10.1 release of pilot-link.

opie, some of us here are quite familiar with Palms, PDAs, and other handheld PIM devices. I only own about 22 units, so not that many, ranging from almost every Palm made, my Helio, two iPAQs, my Agenda, two Cybiko units, and handfuls of others.

As you know, I’m the maintainer of one of the packages you can use to connect your PDA to your desktop and sync data. You may want to look here for a matrix comparison of every Palm made. It may give you some ideas, depending on your needs.

…anyway, in other news progress continues on many fronts.

I have an interesting viewpoint that whytheluckystiff, Waldo, rasmus, raph, and lkcl have not yet raised (and I’ve brought this
up before).

There are certainly many more projects out there, increasing the “breadth” (acceptance) of the Open Source and Linux community, but as you have all mentioned, not really increasing the “depth” (killer app) of the Linux community. Hit Freshmeat and see how many new toolkits, bindings, php-based “forum” applications, web mangling tools, etc. show up daily. Dozens. This is how the “new and nimble” are penetrating into the Open Source and Linux communities. They may not be able to write a Mozilla replacement, but they can prove they understand code (in some cases), the licensing, their peers, and how to get their name out there.

The point that’s missing, is that back when we all got started in the early to mid 90’s with Linux, it was easy to know everyone that was doing it. You knew who Linus was. You knew who RMS was. You knew the key people responsible for making it happen. You could email them. They would respond. But more importantly, you could easily contribute to their projects. Patches and suggestions were implemented almost by design, rote.

Now however, the bar has been raised by quite a few notches. It’s much, much harder to get a patch accepted to the Linux kernel than it was 5 years ago.

Let’s look at the PHP project for example; when it was authored, it was successful. It filled a growing need (and still does today), and it was used by thousands of people. If that project were to have started this year, it would have been buried under the “noise” of the other thousands of “web mangling” applications out there. It would take much longer to grab hold of the market it
currently has. It may not have even been a successful project, certainly not like it is today.

The fallout of the “bar” being higher for acceptance, and that the older projects still move forward, is that new users don’t know where to contribute. And as lkcl said, maybe they don’t have the skills to take on the project or task they want to use or contribute to. New Open Source and Linux community members are actually afraid to contribute because they fear being shunned, ousted, or humiliated publically for their patches, code, suggestions. We need to nurture those new users, new contributors. As we age and elder, we have to begin connecting people who we believe can take the project(s) forward. Assign like people to like tasks, make sense of the noise, and act in a more “educational” role than a “physical” role. Once they get it, they’ll get it.

One of my own projects has recently fallen under this spell. I have found some skills that I lack, and have been trying to make a call out to those who I believe can help, both in code and in testing. Some have responded, some have hinted that they can help, and the majority of others have indicated they just don’t know where to begin, but they would if they had that answer.

I’ve been taking steps to clean up my codebase, documentation, and even the way I respond to people on related mailing lists, so that the “vision” behind that particular project remains clear and focused, and that there are enough little compartmentalized sections that people who wish to contribute are not being asked to eat the elephant. The people who are here and know what I’m talking about know, because I’ve been plugging person A into person B, on task C, and so on. When I see a need, I find a person that I believe can fill it, or at least guide another person into that hole. It’s worked well.

That’s just my 0.02c, but I’ve seen the frustration from users, developers, and people who have contributed and now refuse to, as well as people who want to contribute, but can’t find a way to “scale the castle walls”. The skills are out there, we were all not unique, but there’s just more people than there were before. It’s both a good and a bad thing. More forks, more fractures, more “distractions”, but it’s also more eyes, hands, testers, and contributors.

Nurture. If the new contributors think the bar is too high, let’s give them a boost to help them climb that wall.