Blog slightly fixed
I spent some time fixing some outstanding issues with my blog.
The LiveJournal import on my blog had the wrong timestamp. I had some old ruby script that I'd written two years ago when I still believed ruby would someday become my language of choice (it didn't) which converted the livejournal XML exports into something that blosxom would grok, but it didn't work anymore. Apparently ruby's XML library API changed slightly between then and now. Read /usr/share/doc/libxml-ruby/README, updated the script, ran it again, and it worked. So now the blog items are dated on the date they were actually written, rather than 2005-02-17.
Since a few weeks, I've been offering a myrss
version of my
blog feed, which contains a saner version of a link to the item (linking
to the path that I wrote it in, rather than some date-based ugly stuff).
Liferea choked on it, though, as did the feed validator. Turns out I managed
to enter a few minor typos. Fixed those. Apparently the typos weren't of
the magnitude that planet would
choke on them, but still.
So now my blog is slightly improved. Isn't that great.
I still wonder why I have this blosxom-writing-php-scripts-with-home-grown-comment-system rather than, say, drupal, but that's for another day.
OTOH, drupal doesn't allow me to write a blog entry using a simple svn commit, with magic commit hooks fixing everything. Let's keep things as they are.
RIP, hotplug
No, I am not going to maintain hotplug, as I was previously considering. Reason: too much work, too little time. I'll just periodically rant on #debian-devel about how this newfangled bullshit sucks so much, instead.
Voting tactics
Why is it that only people in a jurisdiction where they use a broken voting system (such as, say, first past the post or instant-runoff) know about 'tactical voting'? Frankly, I'd be surprised if anyone in my family even knew what it means to vote 'tactically'.
For reference, Belgium uses proportional representation throughout. In fact, it was a Belgian guy who invented proportional representation.
oh well.
Voting tactics, again.
In response to my blog post about voting tactics yesterday, Russell claims that there are no tactical voting problems in instant runoff voting, immediately following that in the next paragraph with an explanation of how there actually is tactical voting in Australia's Instant Runoff.
Err. In my opinion, every instance of tactical voting is a problem. Your mileage may vary, of course.
Next, "proportional representation" does not equal "everyone is a candidate everywhere". For the house of representatives, Belgium is divided into a number of "kieskringen" each of which elects a predefined number of candidates into parliament (the number of candidates per kieskring depends on the number of people living in that kieskring). This way, we have proportional representation while still having the members of the lower house representing geographic regions.
Note that I'm not claiming proportional representation is the best election system ever; it still doesn't allow me to fully explain what my vote preference is. However, proportional representation does not have the brokenness of Instant Runoff voting in that with IR it may happen that placing one candidate before another on your ballot may actually hurt the cause of the former in favour of the latter.
IRC quietness
Day changed to 09 aug 2007 22:38 -!- foobar ~foobar@XX.XX.XX.XX has joined #debian-68k Day changed to 10 aug 2007 00:08 -!- foobar ~foobar@XX.XX.XX.XX has quit Quit: Leaving Day changed to 11 aug 2007 [13:04] [Yoe(+i)] [6:#debian-68k(+nt)] [Act: 2,7] [#debian-68k]
Really quiet channel, that.
My languages
Inspired by Joey's similar page, I composed a list of programming languages that I know (or, in some cases: programming languages that I once knew).
'Jam' session
At debconf7, I brought my (brand-new) flute, and urged other people to bring their instruments, too; and on tuesday, we had some fun playing together. As we were playing, people started entering, and suddenly we had an audience. What fun.
Anyway. Dave Noble had the idea of videotaping most of it, and this ended up being uploaded to the meetings archive along with the other videos. As I checked today, the high-quality version has been uploaded as well. Which is way cool.
Thanks, videoteam!
"empty" LDAP addressbooks
Bernhard R. Link blogs about LDAP addressbooks in Thunderb^WIcedove, and mentions:
Also don't be confused by no records shown in the new addressbook. I guess that is some measure against always loading a possibly large remote addressbook. To test just enter anything in the search field, and the matching records should show up nicely. (I'm not sure if all versions allow searching for substrings. If they do, try searching for the at sign, to get a full list.)
Actually, the reason is that an LDAP server is not a database, and it is not required to return the full list of matching items of a search, if that list is sufficiently large (I believe the RFC suggests a minimum of 100 items to be returned); this is to avoid people DoSsing the LDAP server by accident. It also means that the suggestion to search for the at sign to get all items in the directory may not work.
countmail
Jordi blogs about mail (in reply to a number of other people), and mentions a rather interesting application.
wouter@country:~$ countmail ZERO! ZERO MAIL MESSAGES! HAHAHAHAHA! wouter@country:~$
Unfortunately, all is not what it seems. Apparently countmail doesn't support Maildir.
Asterisk adventures, and the DECT gap.
A customer called me a while back, requesting whether I could help him set up asterisk. Since I hadn't previously played with asterisk, we agreed that I'd try out stuff, and then do a demo setup, so that he could decide whether that is okay for his needs.
So I bought me a Linksys SPA-3102 ATA (with one FXO and one FXS port) and a Linksys SPA-921 IP phone, and started experimenting.
Didn't take me long to figure out that the SPA-921 works, but that if I want to use a company-wide directory (which was a requirement for that customer), I have to use a Linksys proprietary protocol, which Asterisk obviously doesn't support. Someone then told me that Snom's hardware phones have LDAP support in their hardware phones; so I bought me the Snom 300 as well, and played a bit with the system.
After experimenting for about two weeks or so, alltogether, I've now got a demo setup that fulfills most of his requirements, and I can show why others can't easily be implemented. Which is cool.
Afterwards, I'll be stuck with an ATA and two IP phones that I have no immediate use for at the office, so I was thinking of taking them home and using them there. We've got way too many phones at home anyway (one upstairs, one downstairs, a fax, and a DECT basestation with no less than four handsets), so adding the ability to call eachother might be useful.
Except that I can't seem to find a DECT basestation that appeals to me. The one we have doesn't have VoIP, so that'll need replacement. Just connecting it to the ATA could work, but then transferring a call from a regular phone to one of the DECT handsets would be troublesome, at best; what I would prefer is the ability to give each of my DECT handsets a separate asterisk extension; in effect, a DECT - SIP bridge.
What I've found so far in DECT basestations that allow me to somehow link the DECT phones to a computer, is appaling.
- At first sight, the most interesting option is the Siemens Gigaset M34 USB, a USB dongle that speaks DECT. Unfortunately, there are no Linux drivers, as far as I could see. So this one is right out.
- There are several manufacturers who sell DECT base stations that speak SIP and/or H.323. Most of those, however, want to be a PBX as well; this gets me the same problem as the one above where transferring a call between a DECT handset and an "other" phone is troublesome. Some of the more expensive ones allow you to have two VoIP connections at the same time (<sarcasm>whoa!</sarcasm>), and I've seen one that allows to configure multiple SIP accounts, but it didn't say whether I could configure a SIP account as belonging to one specific handset -- which is what I'd really need. Most of them also come with at least one non-optional handset, but I'm not looking for more handsets...
- There are also a number of DECT - SIP gateways that are really built for connecting multiple handsets to a VoIP PBX, and are really what I'm looking for. Unfortunately, the prices I've seen suggest that these are only economically viable in case you're working with a large corporate DECT setup, such as the one they use at the hospital where my dad used to work. I don't feel like paying €1100+ for DECT connectivity.
So now basically I'm left to conclude that there is a gap in what's available in DECT basestation products; one that allows me to connect a low number of DECT handsets to a network through SIP, and has nothing more. It'd be cool if one existed...
Chroots? Jails!
Russel Coker blogs about securing a daemon using a chroot, and offsets it against SE Linux. He argues that SE Linux provides better security; no doubt.
One downside about SE Linux, however, is that it's far more difficult to configure correctly than a chroot. Setting up a chroot involves creating a directory, copying or bind mounting stuff in there, and then just using the chroot system call (either from a shell script or from a daemon). Setting up a non-standard daemon using SE Linux involves a very fine-grained process of allowing access to files and system calls that many people inexperienced with SE Linux will find too hard to do.
OTOH, he's right that it's possible to break out of a chroot, and thus a chroot system isn't totally safe.
This is why the FreeBSD developers implemented the jail system call since FreeBSD 4: basically a chroot on steroids, it implements a basic form of virtualization -- your "chroot" gets an IP address assigned, and jailed processes cannot communicate with processes outside the jail other than through TCP/IP or some other form of networking. Processes outside the jail can modify stuff inside it, of course (it remains a simple directory).
Of course, Linux doesn't have anything like the jail system call, but it's easy to set up a similar level of security using virtualization, in a way that is far easier for the uninitiated than when using SE Linux. That's not to say that jails or virtualization will give you the same level of security that SE Linux can offer (e.g., with jails or virtualization a user can still exploit a bug in a network-facing daemon to turn your machine into a zombie; SE Linux can make this impossible), but it's a different option.
Whoa, hold your horses
Lazyweb posts can be fun. Especially if you didn't intend to do a lazyweb post, but rather just wanted to rant
I did find that the M34's predecessors do have Linux drivers. Screw Siemens for not providing tech specs. Siemens, you suck. However, someone was nice enough to offer me his M105. Perhaps that'll work, provided the thing allows more than just one connection. (Side note: am I the only one who feels that anything which matches "M[0-9]*" sounds like a gun model?)
Someone else placed a comment on my blog, saying that the Siemens S450IP might do what I want.
And then a whole bunch of people told me through three media (mail, IRC, and blog comments), that ISDN DECT basestations usually allow one to assign different phones to different ISDN lines. Add an ISDN connection to the asterisk system, connect that to the DECT basesystem, and you can connect a specific handset to a specific asterisk extension.
Different standards.
Sébastien Wains, whom I've just added to Planet Grep, blogs about how he's migrating from RedHat and CentOS to Debian and Ubuntu. I guess he's doing it for all the right reasons, of course, but reading his article, I still disagreed with him on some points. Different standards, I presume?
apt-get must be 1000x faster than yum
And here I was, being incredibly annoyed at the fact that apt can be dog slow from time to time.
minimal install really IS minimal (you don't even get telnet), it takes minutes to install and is like 450Mb big
Perhaps it's just me, but when I think of "minimal", I think of the potato and woody days, where a minimal install was only 200M or so. And even that is huge for some purposes.
Oh well.
Cooking
Mom turned 60 earlier this week, and her brothers and sisters (i.e., my uncles and aunts) are coming over tomorrow. Thomas, my brother who's just graduated as assitant-cook (or some such, I don't know the exact title yet), is doing the food, and I've been volunteered to help.
He got me to wear this:
Fun, isn't it?
New hackergochi with Gimp 2.4
As you may have noticed, I've got a new hackergochi. This has two reasons:
- I noticed that since a couple of weeks there's a new Gimp in the archive (a release candidate of Gimp 2.4), and I just had to check it out,
- The picture of me wearing the cooking costume thing was just way too funny to ignore.
Previously, selecting a head from a picture with a very busy background was almost impossible to do. In my case I had a single-color blue background, but I've helped some people do theirs, and in one extreme case I we had to zoom in to the max and manually follow the lines separating the head from the background. This took a very, very long time -- like a day or so.
Gimp 2.4 comes with a selection tool called the "Scissors Select tool" that seems made for creating hackergochis: you click on some line that appears on your picture, and a dot appears. You click on a second point along the same line—a line which may be straight, or which may be curved, or which may be zigzagging—and the tool just follows it.
In this particular case, the background was a very busy cabinet. And yet selecting my head against that background was done in less than a minute.
Way cool.
NMBS accident
Gotta have a first time for everything, I guess...
I took the 20:24 train home last night. This connection isn't an immediate one; it requires me to switch trains in Antwerp Central. Usually, that train arrives there right after the one to Essen—the next one I have to take—has left, requiring me to wait in Antwerp Central for the next train, half an hour later. I usually avoid the :24 for that reason, but this time I thought I'd do a walk through the Antwerp city center to spend the time waiting.
As I arrived in Antwerp, I saw that the train to Essen hadn't left yet, so I thought I'd hurry up and make it for that train. As it turned out, there was no need for me to hurry...
Just as I had found a seat on the train, some staff member arrived in
our coupé to tell us that the train would be significantly delayed
because an accident
had happened somewhere before Kapellen (read:
someone had been ran over by a train). After some half hour or so, it
was announced that we'd be driven to Antwerp Berchem, and that we'd
there switch to buses.
Now this isn't the first time that my train is delayed because of an
accident
, suicidal or otherwise, which needed to be cleaned up;
but it was the first time that they put me on a bus
instead.
Interesting experience, that. The trip took only 20 minutes, whereas it usually takes 10 to 15 minutes by train (depending on the exact train you take), or 30 minutes by regular bus service. Those 20 minutes include a significant detour that the bus made for some reason which isn't entirely clear to me.
I sure hope I never have to experience this type of delay from the
cause
side of the event, though...
Cute
The Belgian Navy recently acquired a new
frigate, baptized the Leopold I
; and it's leaving soon on a
training trip. The TV news just had an interview with the captain of
this vessel, who declared that the function of a frigate is to protect
"other vessels"; one of the examples he gave was "a carrier vessel".
What he neglected to mention is that the Belgian Navy, in all her glory, doesn't have any carriers. In fact, it doesn't have any ships that are larger than frigates.
But hey, at least this frigate has a helicopter pad, so maybe it qualifies.
Then again, maybe not.