Liudvikas Bukys

Yakov Shafranovich on Sender ID and software patents from Microsoft: Part I,
Part II

Update: Eric Raymond is “quoted a promise of a license with no royalties and no requirement to sign an agreement.” That would be helpful if such a license came to pass.

• This is an unhappy conversation on many many levels:
  

  AKMA:

  The officer in question (whose conduct was entirely professional, firm, and calm behind those mirrored shades) solemnly assured me that in order to use the library’s open wireless signal, I had to be seated within the library. The officer then wandered on back to the nearby police station.

  …

  ‘Maybe if you had permission it would be all right, but it’s a new law, sir; ‘theft of signal.’ It would be like if you stole someone’s cable TV connection.�

  …

  ‘It’s a federal law, sir; a Secret Service agent came and explained it to us.’
  
  [via Blogos]

• The comments on the article above include the useful link EFF: Best Practices for Online Service Providers that advocates minimizing legal problems by minimizing information collection.
• Having had to dig hard to track down aggressive intruders, I also worry about lacking the ability to investigate attacks on infrastructure (mine or everybody’s). While this application of “theft of services” looks bogus, it is a tool that I’d like to have when somebody is really attacking my network or systems. Meanwhile, there is a permanent tension between knowing what’s happening on your network (say, if you’re an ISP tracking botnets) and maintaining ignorance as a legal defense.

James Lick: Tracking A Zombie Army (PDF)

[via Asrg]

Aaron Boodman:

Forget everything you know about creating pop-up windows. Most importantly, forget you ever knew that the javascript pseudo-protocol ever existed . Do you hear me??

Never, ever, ever use the javascript: pseudo-protocol for anything, ever ever ever ever again. Please. Pretty please. The next time I click on a hyperlink, only to have it cause an error in my browser, I am going to hunt down the author and pound them into holy oblivion.

and the correct code is as follows:


<a
href="http://google.com/"
onclick="window.open(this.href, 'popupwindow',
'width=400,height=300,scrollbars,resizable');
return false;"
>
Click me any way you desire, now or later, bookmarked or not.
I will not attempt to control you, nor punish you, for I am a
simple hyperlink; eager to do your bidding, while remaining ever
helpful. I anticipating desires, but never trample possibilities.
This is the way of the Link.
</a>


See also the comments
for subtleties, such as pop-up forms.

[Via Jim O’Halloran]

A colleague of mine discovered that a scripting error had caused a few months of his Apache access logs (compressed with gzip) to get transferred in FTP ASCII mode before being archived to DVD. He asked whether there was any hope for recovery.

Those FTP transfers corrupted about 0.4% of the input bytes. Because every bit counts in a compressed file, these errors send the gzip/inflate decompressor “into the woods” pretty quickly, and every error disrupts the expansion of everything afterwards. The output turns to unrecognizable gibberish almost immediately. The decompressor itself doesn’t know it’s lost until the final crc check. (There are few illegal states on the way; if there were, that would mean that there is redundancy in the data, and a compressor’s job is to find redundancy and squeeze it out.)

The state of the art among the numerous “zip file repair programs” out there seems to concentrate on only two easy fixes (please correct me if I’m wrong):

• Fix incorrect crc/checksums so that users won’t get an error message any more.
  This doesn’t repair any data, but it does recover from some trivial file truncation or extension things that must happen occasionally to somebody (else why would this function be helpful?).
• Skip over archive members with corrupt data and find other members that are not corrupt. This is useful if the cause of corruption is a bad block on the hardware medium.

Neither of these does anything to improve corrupted data.

In the general case, solving this problem by brute-force search through all possible repairs is not feasible; unless the file is small, it’ll still be running when the lights go out on the universe. It turns out, though, that if the data has some structure, that’s enough to prune most of the search tree, and prioritize the rest, so that the highest-probability possibilities are tried first.

Apache access logs have plenty of structure, so my colleague got back a close match to his original data. I’ve documented the process
(look here for slightly more detail)
to offer hope to others in difficult cases of critical data in otherwise hopelessly damaged files. Unfortunately it’s not a turn-key process, each case requires a certain amount of tuning based on the cause of the corruption and the structure of the data.

A great OS demo anecdote from Bryan Cantrill that starts with the true observation that:

One of the downsides of being an operating systems developer is that the demos of the technology that you develop often suck. (“Look, it boots! And hey, we can even run programs and it doesn’t crash!”)

and continues on with a story about a core dump in front of customers.

I am taking these on vacation:

• Grant Comes East (book)
  by Newt Gingrich, William Forstchen.
  Volume 2 of an alternate history of the U.S. Civil War.
  I found Volume 1 (Gettysburg) engaging, even though I am not a Civil War buff.

• Telluride Sessions (Audio CD)
  by Bela Fleck (banjo), Sam Bush (mandolin), Jerry Douglas (dobro), Mark O’Connor (violin), and Edgar Meyer (bass). My favorite virtuosi.

Here’s a 10% discount at Amazon if bought by August 3, 2004.

International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management Frequently Asked Questions (November 2002):

ISO/IEC 17799: 2000 is a management standard, and deals with an examination of the non-technical issues relating to installed IT systems. These issues have to do with such matters as personnel, procedural, and physical security, and security management in general.

The Common Criteria standard is a technical standard. It is intended to support the specification and technical evaluation of IT security features in products. Normally, the products are evaluated as part of the development/production cycle. The Common Criteria standard also has a major usage as a structure, syntax and catalog of information technology specifications that can be used to describe user technical requirements for security in products.

…

The current US position is strongly in favor of the major revision of the [17799] document, which is currently underway. While there was no official US government position expressed, US TAG members from both the Commerce Department (via NIST) and Department of Defense (via the Defense Information Systems Agency) supported the US position.

Daniel Berrangé: A Comparison of features for the current generation of operating system trace tools (Solaris 10 and patched Linux)

[ via Bryan Cantrill]

Dan Bricklin’s essay Software That Lasts 200 Years is provocative.

We need to start thinking about software in a way more like how we think about building bridges, dams, and sewers. What we build must last for generations without total rebuilding. This requires new thinking and new ways of organizing development. This is especially important for governments of all sizes as well as for established, ongoing businesses and institutions.

I don’t quite agree with the analogies, but I am provoked.
Rather than thinking of ways to make software stable and useful for the long haul, I think that the better perspective is that data is long-term, so data design, data formats, interoperability are the important issues. It does not matter whether I can run ancient programs, it matters that the valuable data can reliably be exported, imported, or directly accessed via ever-better tools. One way to ensure stability of infrastructure is to freeze the tools forever; the other is to be prepared to use a different tool every day.
The fact that I can move my weblog back-end from Radio to Movable Type to something else makes the data itself more stable and valuable, not less.