March 2004 Archives

Related link: http://www.parrotcode.org/

One of the prime advantages of dynamic (or agile) languages — the integrated compile and run phase that handles source code directly — is actually a bit of a drawback in some circumstances. If you’re doing very fast low-level bit twiddling, Perl, Python, and Ruby probably aren’t for you. It can be difficult to approach the speed of good assembly or optimized C code.

In some applications, such as high-volume number crunching or real-time games, this is a big drawback.

Fortunately, much as you can drop to raw assembly from C code, you can link your favorite dynamic language with C or C++ code. Unfortunately, it’s usually tedious. Every newer language improved on things. Perl 5’s XS is reasonably easy for the easy things, but can require a downright arcane knowledge of the sometimes-squamous Perl internals for the complex things. Python is easier. Ruby is easier still.

The Swig project exists to make writing language bindings easier still, but it’s still not easy.

If Parrot, the VM for Perl 6, succeeds and attracts other languages, it may present an easier solution. Because of Parrot’s design, it’s amazingly easier to write bindings for other libraries. Even better, you can write your bindings once, to Parrot, and then they’re available to all languages that run on Parrot.

Imagine that everyone who looked longingly at PyGame from Ruby could actually use that very library from Ruby.

I’ve been working on just that project (well, not quite a full PyGame port — there are still some details to hash out). At the Portland Perl Mongers meeting on 14 April 2004, I’ll present SDL Parrot by introducing Parrot, Parrot’s Native Call Interface, object oriented Parrot, and, finally, all of the SDL bindings I can implement by then. See the web page for details.

If things go well, I may show off a custom animation language running atop Parrot in the next couple of months. Here’s a snippet of Parrot assembly code (as low-level as I can program productively) that draws a blue square to whet your appetite. Remember, this is an assembly language.

    .pcc_sub _main non_prototyped, @MAIN
        load_bytecode "library/SDL/App.imc"
        load_bytecode "library/SDL/Rect.imc"
        load_bytecode "library/SDL/Color.imc"

        .local pmc app
        .local int app_type

        find_type app_type, 'SDL::App'
        new app, app_type

        .sym pmc args
        new args, .PerlHash
        set args['height'], 480
        set args['width'],  640
        set args['bpp'],      0
        set args['flags'],    1

        app.'new'( args )

        .local pmc rect
        .local int rect_type

        find_type rect_type, 'SDL::Rect'
        new rect, rect_type

        new args, .PerlHash
        set args['height'], 100
        set args['width'],  100
        set args['x'],      270
        set args['y'],      190

        rect.'new'( args )

        .local pmc color
        .local int color_type

        find_type color_type, 'SDL::Color'
        new color, color_type

        new args, .PerlHash
        set args['r'],  0
        set args['g'],  0
        set args['b'], 255

        color.'new'( args )

        app.'fill_rect'( rect, color )
        app.'update_rect'( rect )

        sleep 2

        app.'quit'()
        end
    .end

This is just one piece of the puzzle for Game Programming with Parrot. Stay tuned.

Andy Lester

Related link: http://local.google.com/

Google’s just rolled out an updated version of their interface. I’m especially interested in local.google.com, which finds local businesses. If I’m looking for a burrito place near McHenry, IL, Google will give me a list, and even show me a map of where they are. Sometimes Google will also link to the website of the company, but that also seems incomplete in what it knows about.

The implementation on this is really nice. The search results are sorted by distance from the city, but you can add a street address and get distance from there, especially if your house isn’t near where Google thinks the “city” starts.


For the most part, things work like you’d expect. I do a search for “shoes” and get 10 pages of shoe stores. Unfortunately, their list of stores seems hit-and-miss. My beloved Tacos El Norte doesn’t show up in the aforementioned burrito search. Also, I can search for currency exchange and get local hits, but the closest payday loans place is 23 miles away. (Oh, if only it were true!) If I look for payday loan (singular) there’s one eleven miles away.

I’ve thrown about 50 different search items at it (tires, books, hardware, printing, business cards, macintosh, etc etc), and only two results have been strange, and I’d think it would be a common search. Search for “smut”, and Google returns a list of bars in the area. Looking for local “porn” turns up a list of lawyers. What is Google trying to tell us?

What cool new things have you found on Google today?

Related link: http://www.falkotimme.com/projects/survey_smtp_032004.php

Falko Timme’s March 2004 survey of Internet e-mail servers reveals that Sendmail, Postfix, and Exim run over 70% of the 106,000+ mail servers surveyed. Keeping track of trends here would certainly be enlightening.

What other Internet services does FOSS do best?

Registrars, registries, registrants…

When registering a domain name*), we can choose from a lot of registrars. Simply put, registrars are the middlemen who interact with registries on behalf of registrants. Got that?

Well, the terminology is a bit confusing, so let’s start with some definitions [Abley, 2003].

  1. “registrant” - the organization or person responsible for a domain;
  2. “registrars” - the middlemen who interact with registries on behalf of registrants;
  3. “registry” - the organization which maintains the register and publishes the zone;
  4. “register” - the data that is maintained by the registry.

For a comprehensive listing of all ICANN-Accredited Registrars, see this overview from ICANN.

The domain registration process

Because there are so many registrars, guidelines and policies are important. In a presentation from Joe Abley (ISC) you will see in detail what’s exactly going on after you hit that submit button and order your favorite domain name.

    DNS Registries (PDF, 285KB)

    Presentation by Joe Abley during APRICOT 2003

In his presentation, Joe talks about EPP: the Extensible Provisioning Protocol. This is one of the technical protocols that Registrars will use during the registration of domain names.

EPP defined: EPP is an application layer client-server protocol for the provisioning and management of objects stored in a shared central repository. Specified in XML, the protocol defines generic object management operations and an extensible framework that maps protocol operations to objects.

The original motivation for this protocol was to provide a standard Internet domain name registration protocol for use between domain name registrars and domain name registries. This protocol provides a means of interaction between a registrar’s applications and registry applications. It is expected that this protocol will have additional uses beyond domain name registration.
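
To make the definition above concrete, here is an added Python example (not from the original post or from Joe Abley's presentation) of one EPP exchange: the generic check operation mapped onto domain objects, wrapped in the length-prefixed framing used for EPP over TCP. The XML namespaces and the 4-byte length header follow the published EPP RFCs; the function names, the 64 KB frame cap, and the sample registry response are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"
NS = {"epp": EPP_NS, "domain": DOMAIN_NS}
MAX_FRAME = 64 * 1024  # assumption: local sanity cap, not a protocol constant

ET.register_namespace("epp", EPP_NS)
ET.register_namespace("domain", DOMAIN_NS)

# Constructed sample of what a registry might answer to a <check> command.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <response>
    <result code="1000"><msg>Command completed successfully</msg></result>
    <resData>
      <domain:chkData xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
        <domain:cd><domain:name avail="1">example.com</domain:name></domain:cd>
        <domain:cd>
          <domain:name avail="0">example.net</domain:name>
          <domain:reason>In use</domain:reason>
        </domain:cd>
      </domain:chkData>
    </resData>
    <trID><clTRID>ABC-12345</clTRID><svTRID>54322-XYZ</svTRID></trID>
  </response>
</epp>"""


def build_check(names, cl_trid):
    """Registrar side: generic <check> operation carrying a domain mapping."""
    root = ET.Element(f"{{{EPP_NS}}}epp")
    command = ET.SubElement(root, f"{{{EPP_NS}}}command")
    check = ET.SubElement(command, f"{{{EPP_NS}}}check")
    domain_check = ET.SubElement(check, f"{{{DOMAIN_NS}}}check")
    for name in names:
        ET.SubElement(domain_check, f"{{{DOMAIN_NS}}}name").text = name
    ET.SubElement(command, f"{{{EPP_NS}}}clTRID").text = cl_trid
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def names_in_check(payload):
    """Read the domain names back out of a <check> command."""
    root = ET.fromstring(payload)
    path = "epp:command/epp:check/domain:check/domain:name"
    return [e.text for e in root.iterfind(path, NS)]


def frame(payload):
    """Prefix the XML with a 4-byte big-endian length that counts itself."""
    return struct.pack("!I", len(payload) + 4) + payload


def unframe(buf):
    """Validate the length header before trusting any of the payload."""
    if len(buf) < 4:
        raise ValueError("short header")
    (total,) = struct.unpack("!I", buf[:4])
    if total < 4 or total > MAX_FRAME:
        raise ValueError("implausible frame length")
    if len(buf) != total:
        raise ValueError("truncated frame or trailing data")
    return buf[4:]


def parse_check_response(payload, expected_cl_trid):
    """Return (result code, {name: (available, reason)}) from a response."""
    # EPP messages never need a DTD; refuse one rather than let the parser
    # process entity declarations supplied by the remote side.
    if b"<!DOCTYPE" in payload or b"<!ENTITY" in payload:
        raise ValueError("DTD not allowed in EPP message")
    root = ET.fromstring(payload)
    if root.tag != f"{{{EPP_NS}}}epp":
        raise ValueError("not an EPP document")
    result = root.find("epp:response/epp:result", NS)
    if result is None:
        raise ValueError("missing <result>")
    # The echoed client transaction ID ties the answer to our request.
    cl_trid = root.findtext("epp:response/epp:trID/epp:clTRID", namespaces=NS)
    if cl_trid != expected_cl_trid:
        raise ValueError("response does not match our transaction")
    availability = {}
    path = "epp:response/epp:resData/domain:chkData/domain:cd"
    for cd in root.iterfind(path, NS):
        name = cd.find("domain:name", NS)
        reason = cd.findtext("domain:reason", default=None, namespaces=NS)
        availability[name.text] = (name.get("avail") in ("1", "true"), reason)
    return int(result.get("code")), availability


if __name__ == "__main__":
    request = frame(build_check(["example.com", "example.net"], "ABC-12345"))
    print(len(request), "bytes on the wire")
    print(parse_check_response(unframe(frame(SAMPLE_RESPONSE)), "ABC-12345"))
```
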

Current status of EPP (March 2004)

A complete set of EPP documents from the Provisioning Registry Protocol Working Group has now made it to RFC. These RFCs describe the EPP protocol in technical detail. EPP meets and exceeds the requirements for a generic registry registrar protocol as described in RFC 3375: Generic Registry-Registrar Protocol Requirements (Sep 2002).

In case you’d like to know more about this topic, you will find these resources helpful as well:

*) This article describes the process for registering some of the major generic toplevel domains (gTLD), such as .com, .net, and .org. Terminology and procedures mentioned in the documents are not necessarily the same for ccTLD domain names. And in fact, not even for all gTLDs. Thanks for this remark, Chris!

Kevin Bedell

An event to be held at the University of San Francisco on April 3rd will bring together hundreds of people to attempt to create a “FlashMob Supercomputer” — and crack the TOP500 Supercomputer Sites list.

The event, dubbed “FlashMob I”, will bring together hundreds of volunteers. All will bring laptops or other machines to contribute to the effort.

Each person will connect to a high-speed data network and boot their machines from a CD-ROM containing a customized version of Linux with everything they need to boot their machine to participate in this historic event. No software will have to be installed on their computer in order to participate.

The event is being coordinated by FlashMob Computing, a group founded by graduate students at USF interested in Supercomputing. Their goal is literally to ‘democratize supercomputing’ and spread the idea that any group with enough members can literally create a supercomputer to assist in solving problems that require serious computing power.

All participants will receive a t-shirt (of course!), a badge and a certificate of participation. Following the event will be a LAN Party where gamers can hang out and play against each other on a wicked high-speed LAN.

For more info, check out FlashMob Computing.

Andy Oram

Related link: http://news.com.com/2100-1037_3-5178640.html

Few will make the connection. But yesterday’s news about a Supreme
Court ruling on municipal phone networks represents another knot in
the noose tightening around the neck of new and innovative
communications technologies. Twenty years from now, as we’re all
complaining about the lack of viable and affordable high-speed
communications–just as people were complaining twenty years ago, and
as we are complaining now–we’ll hardly remember the quiet gurgling
noise made by the promise of innovation as it got slowly strangled to
death. And unless we learn the tricks of the dominant monopolies, we
will pass through death after death.

The first finger on the throat: Section 251 undermined

What constitutes competition? The landmark Telecom Act of 1996 was the
communications update to Nikolai Bukharin’s call on Russian peasants:
“Enrich yourselves.” Here, the long-distance, local, and cable
companies were supposed to invade each other’s turf and vastly expand
communications offerings for the public. But the 1996 act left scant
opportunity for new, small providers. It did open a chink in the armor
of monopoly through the well-known Section 251, which required
incumbent phone companies to open their networks to competition in a
variety of ways. But the Bell companies made sure that part of the law
would subsequently be rendered toothless.

The major extraction was performed by Michael Powell’s FCC on August
21, 2003, when it heeded Bell company claims that the requirement to
support competition was holding back their own deployment of
high-speed connections. The FCC cleverly worked around the spirit (in
my opinion) of Section 251 by separating phone networks into the old
and the new. On the old ones–which support ADSL at best–competition
would be required as specified in the Telecom Act. On new
ones–especially those built on fiber–the Bells would not have to
allow competition.

Well, maybe the gutting of Section 251 was inevitable; a lot of
observers figured it would be. The Bells were so effective at making
life impossible for competitors that it would have taken years of
sympathetic courts (which, as we will see, are not anxious to play
that role) to force a competitive environment. The hundred little ways
Bells undermine the law have been documented in lawsuits and FCC
documents, as summarized in my article Bell Telephone Companies’
Applications to Enter Long-Distance Market.

Furthermore, the Bells made sure over and over, year after year, to
get their well-funded congressional backers to introduce bills that
would weaken Section 251. The FCC knew it was under tremendous
political pressure to give the Bells some relief, and since Powell’s
sincere ideological bent lay in that direction anyway, Section 251 had
to give.

The pressure increases: competitive charges overturned

But the FCC has been consistent about promoting competition in one
manner: by setting low rates for the lease or sale of incumbent
telephone companies’ lines and equipment. The FCC figured that most of
this stuff had been laid down ages ago and had paid for itself many
times over; it was about time to share the wealth with competitors who
might make better use of it. (I will look at the implications of sunk
investments later in the article.) So the FCC tried to set prices
based not on what it cost to install the equipment, but on how much it
could earn in the future–in other words, to treat the incumbents on
the same level as the competitors.

The Bells found that a pretty hard vampire to kill, but it looks like
they’ve finally sunk the silver stake in place. The matter has gone
back and forth in the courts for years, but the tide has turned
against the FCC. Whatever the merits of the courts’ rulings, the
effect is to cut off innovation and sacrifice the public interest in
favor of the Bells’ monopoly status.

Sliding up the other side of the neck: municipal networks constrained

If it is effectively impossible to offer service over existing phone
equipment, new equipment must be laid down. And that requires a major
economic player; Mom-and-Pop ISPs are not the ones to drive this
revolution. Enter, then, the municipal governments.

Cities around the country, alarmed by the loss of jobs and population
and understanding that only a modern telecommunications infrastructure
offers the hope of survival, have become so frustrated by the refusal
of existing phone companies to build advanced networks that they’ve
taken the law (so to speak) into their own hands. Just as cities built
electrical grids and other utilities in the past, they are building
their own phone and cable networks today.

Despite the incumbent phone companies’ whining and hand-wringing over
declining profits, they turn out to have plenty of money to stop this
threat too. The cities and towns are truly their most formidable
competitor, and they’ve left no stone unturned in the fight against
municipal networks. In dozens of states they’ve gotten laws passed
that specifically target municipalities. These laws ban the creation
of municipal networks outright, or place on them onerous burdens in
terms of financing and regulation.

The cynicism as well as destructiveness of these laws is
staggering. Towns are closing up and blowing away in some parts of the
country. Young people abandon them for places with a more advanced
economic infrastructure. These towns need modern networks the way they
need a police force or water lines. And their stories reveal that they
have repeatedly tried to get help from commercial phone companies, to
no avail.

So if you and your neighbors want to put together a lawn-mowing or
snow-shoveling collective, or organize to volunteer in your local
schools, you are free to do so. But in many states you can’t string a
network. The Telecom Act actually includes a clause prohibiting the
states from stopping competition. But the Supreme Court, in
yesterday’s ruling, assumed this clause applies only to private,
commercial firms. You and your neighbors–you have no right to
compete.

Natural monopolies and unnatural acts

Most of the political attention in the computer industry is focused
right now on the Microsoft monopoly and the punitive European Union
fine. There may be little that governments can do in this regard,
because it seems inevitable for functions to be aggregated and
subsumed into a common base as they become widespread–as people take
them for granted. There was a time when Windows had no TCP/IP network
stack. Who could ask for that to be unbundled now? The question
becomes whether a single company can use its strangle-hold to suppress
innovation and extract an unfair amount of payment for a common
technological base.

In the same way, telecom seems to settle into a “natural monopoly,” to
cite the notorious term introduced by AT&T president Theodore Vail
in 1907.
But as it becomes more and more widespread and taken for granted, it
deserves less and less to be a cash cow for private companies. Even
back in 1907, Vail recognized that regulation was necessary. At this
point, municipal ownership can often be justified.

Backers of the phone company position have sneered recently that phone
companies are being unfairly constrained from using their own
facilities the way they wish. After all, they own the lines, the
poles, and the switching equipment. Who has the right to tell them how
to use it?

Well, the answer is that the companies don’t own a right to these
things free and clear. They’ve had ninety years of regulated monopoly
status during which to build them up. The public granted them the
right to lay lines and build networks. It was a partnership between a
company and the public.

Because capitalist laws are too crude to reflect this subtle
partnership, the equipment is formally the property of the phone
companies. But for phone companies to abandon their responsibility to
support competition would be the communications equivalent of the land
enclosures and expulsions that impoverished millions of people from
the seventeenth century to the current day.

What is the trend in competition?

Andy Lester

Automated testing is the #1 investment we can make in software quality today. Here’s a simple example of one simple test accidentally uncovering an existing bug. The code is in Perl, but applies to any project in any language.


It all started easily enough. There was a little note sent to the Perl
bug database:

    perlop man page mentions: Binary "x" is the repetition operator
    ... repeated the number of times specified by the right operand.

    It should mention what about if the right operand is negative, e.g.,
    print '-' x -80

I figured I could make a quick documentation fix, and maybe even add
some automated tests to the Perl test suite.

The x operator in Perl does repetition on a scalar or list, as
appropriate. For example:

    $a = "abc" x 2;     # $a = "abcabc";
    @a = ("abc") x 2;   # @a = ("abc","abc");

If the right-hand operand is 0, then you get an empty scalar or list,
as appropriate. If the right-hand operand was negative, it had the
same effect as having it be zero. As the bug said, the documentation didn’t say anything about negatives, so I decided to investigate, and document appropriately.

I added a little sentence to the paragraph describing the operator, and
then I added some tests. If it’s worth documenting, it’s worth testing.
Documentation and tests are as much a part of the code as the code itself.

The t/op/repeat.t file in the Perl distribution already had a lot of tests in it, like:

    is('-' x 5, '-----',    'compile time x');
    is('-' x 1, '-',        '  x 1');
    is('-' x 0, '',         '  x 0');

So I added the obvious add-ons:

    is('-' x -1, '',        '  x -1');
    is('-' x undef,'',      '  x undef');

And then went to add them to the list-related sections:

    @x = qw( a b c );
    is(join('', (@x) x -14), '', '(@x) x -14');

Before I sent the patch in, I ran a full make test and found that
the last test didn’t pass. In fact, it caused a Panic in Perl, and the
program died. I boiled it down to a simple:

    @x = (1,2,3);
    @y = (@x) x -1;

Turns out that that case of a negative or zero operand wasn’t handling the stack correctly. Fortunately, this was only in the latest development version of Perl, but at least we found the problem.
A quick patch made it all better.

Some morals to this story:

  1. Never underestimate the power of one little test.
  2. There is no such thing as a dumb test.
  3. Your tests can often find problems where you’re not expecting them.
  4. Test that everything you say happens actually does happen.
  5. If it’s worth documenting, it’s worth testing.

What bugs have you accidentally stumbled across, and how did you find them?

Andy Oram

Karim Yaghmour, author of Building Embedded Linux Systems, told me he
saw a demo of a Linux system that went from power-on to a GUI playing
sound and displaying images in a little more than one second. This is,
of course, a requirement for many consumer electronic devices such as
palmtops, and it was at the CE Linux forum a couple months ago that he
saw the demo.

There were several tricks, some of them fairly simple, that permitted
the quick boot. First, the device ran the kernel from the FLASH card
where it resided instead of loading it into memory. Another trick was
to avoid the time-consuming countdown that a standard kernel uses to
figure out the approximate speed of the CPU. Since an embedded
developer knows what device the kernel is going to run on, it can be
hard-coded with the CPU speed.

There are certainly devices for which Linux is not suited, but it
proves pretty adaptable and is becoming mainstream in embedded
systems, as elsewhere.

Kevin Bedell

The eXtreme Computing Research (XCR) group at Louisiana Tech University announced today the first public release of HA-OSCAR 1.0 beta.

The HA-OSCAR project is a collaboration between the following commercial, educational and government research labs:

The goal of the HA-OSCAR project is to combine the High Performance Computing capabilities of Linux clustering with a new set of High Availability features. They are working to enhance Linux clustering to make it highly-available for mission-critical and downtime-sensitive applications.

A significant part of this effort has been spent in working to eliminate single points of failure in Linux clustering. Other features are in the areas of self-healing, failure detection and automatic failover and fail-back.

HA-OSCAR leverages clustering capabilities provided by the Open Cluster Group’s OSCAR 3.0 project.

An installation wizard has been provided as has a Webmin-based set of administration tools.

Jono Bacon

We are experiencing troubled times in the world at the moment, and security is number one on the list of priorities involving governments and IT. Not only does the world face a global threat of terrorism, but we also face the threat of virii, spam, spyware and other nasties. Protecting yourself from the vermin of the Internet is enough of a challenge for those with infect-able machines, but we also need to consider the bigger picture – government information and processing.

In my country (the UK) my government pledges to protect the country and look out for its best interests. Without wishing to wander down the road of a rambling political diatribe, these rights are in general well protected; there are obviously mistakes that are made, but these gaffes are part of the political scenery. It does, however, seem that the government is concerned with a few key objectives for its governance and associated budget and party political speeches:

  • Clarity – after the deep split in the country over the war in Iraq, the government is clearly wanting to repair bridges that may have spontaneously combusted that were once strong vessels for electoral glory. A government that came into power promising honesty has had a tough few months with the public accusing them of not being 100% straight with them.
  • Optimisation – the government, and specifically Gordon Brown, have needed to spend some quality head scratching time figuring out how to gather more money from the British public without actually raising taxes. Part of this has been by cutting costs such as the cunning method of getting rid of a large amount of the pencil pushing civil service. These stealthy ways of bringing more notes and votes are not quite as lynch-able as raising other taxes or charging pensioners more money for putting that extra bar on the fire on.
  • Security – in this aforementioned world of terrorist, virii, worm, spyware and other threats, security is a big issue. The government want to assure its faithful electorate that it is safe.

Reasonable aims I think. It has been mused in many a column inch that governments should be clearer and more honest with the public it serves, and these issues are of paramount importance. Although Gordon Brown may have run out of a lot of ways to pinch another penny from here or there, there does seem to be a subtle option that he seems to have failed to look over – saving money with Free and Open Source Software (F/OSS).

Microsoft has created a number of products that are in obvious use across the government. This includes Windows, Internet Explorer, Office and no doubt a stack of back end and back office servers and tools. Each one of these products costs money and this money is taken out of the public purse. Due to this public cost the choices made by the government need to be rightly justified. This justification should be offset with a list of requirements and another list of how these requirements are met by a particular product. It is therefore reasonable to say that a tender for a particular government service should be won if a particular product can out and out cater for government needs in a far superior way than any other product or vendor. In addition to this, the product should be suitably supported, secure, stable and time worthy; any additional costs to satisfy these additional core requirements would need to be justified using a similar method.

The problem that we face is that this justification does not actually seem to be justified. Across this country we have Microsoft products powering a number of critical branches of the government service tree including security services, health, prison, housing, offices and other areas. There seems to be a large roll out of this proprietary software but how could it be justified? In one way I make the assumption that Microsoft products have been chosen due to their apparent dominance in the market. This hails the theory of “a huge established company must mean popular products and high quality”. This is obviously not the case in all scenarios. I am sure there are many people out there who are happy with their Microsoft products, and these products work very well for them, but, there are however a number of people that experience common and unacceptable flaws in functionality with a range of Microsoft products. Although these flaws are not acceptable, but possibly admissible in a consumer market, these flaws are certainly not acceptable in a government landscape.

Part of the reason why instability is not acceptable is that it fails the concept of justification. How can a government justify backing a roll out of a large number of machines with unstable software that has been purchased from the public purse? I am sure there would be a public outcry if it were decided to construct lampposts with candles embedded as they work ‘most of the time’. Of course not, when the public piggy bank has been emptied into a vendor’s pocket, the public expect quality. The issue does not stop here however; we also need to consider this instability with the security risks of closed sourced software.

When I fill in my tax return and send it off to the government, I expect my information to be private and processed with due care and attention. This processing should still respect my privacy, but also seek to ensure accuracy in the processing. Faults are not acceptable. These simple requirements are abstracted somewhat with closed sourced software. When my information is sent to the government and I am assured that my privacy is protected, the details are carefully analysed by a well trained government official, but then fed into a machine that has a level of opacity due to its closed sourced base. What use is it if the government are so concerned about the security of our nation, but they use software based on code that is largely hidden from them? I am in no way accusing Microsoft of dirty tactics with their software, but who knows? Unless we have the source available, Microsoft may be using secret alien technology harvested from a UFO’s rear wing mirror for their code. We simply don’t know. For a consumer this may not be important to them, but again, when a government considers IT this needs to be of paramount importance. Why should my information go through the black box of a huge monopolistic organisation?

Some of you may respond to these comments about source code saying that the government do indeed have the Windows source code available to them. If this is the case then fair enough, but this still does not even compare to the number of beady eyes looking at open source code. This concept of a closed sourced Operating System abstracting the processing of citizen information is a real issue. The government need to know what is going on all of the time. Naturally it is unreasonable for the government to employ programmers to read source code all day to ensure it is not dangerous – this is the reason why F/OSS has caught on so much – the community perform this task for you. You have peace of mind in the software because the community will not stand for any form of unscrupulous code at all.

Security is not just the issue here of course; there is the cost factor too. I am not going to reiterate the fine work of TCO analysis performed by others, but it is quite clear that F/OSS is a low cost option for not only an initial IT strategy but for future upgrades and maintenance too. In the government, as with charities, money is a big deal. Money cannot be frittered away on nonsensical activities and issues. The money needs to be well spent and again justified. Money saved with F/OSS in the government can mean a practical difference in terms of more teachers, more equipment and other costs. The idea here is that money saved from a particular sector should go back into that sector.

To me it seems like F/OSS could be a blessing for Gordon Brown. There is a potential to save a bundle of money, increase security/stability and also open up the government infrastructure to a community in a real sense. This infrastructure extends to ensuring that documents are written and made available in open standards, and that government websites use similar open standards. If I cannot access a government website in Mozilla I do not see how this is acceptable, nor do I see why I should have to purchase Microsoft Word to view a particular document. This is all about removing proprietary dependence for a client that is there for the greater good of the nation.

So what do you think? Valid points or drivel. Mark your words in the scribe below…

Kevin Bedell

The news yesterday that China’s largest software testing organization was joining the OSDL was at the same time a bit exciting and scary to me as an American-based developer.

The government-funded Beijing Software Testing Center was founded in 2002 with a primary goal of accelerating the development of China’s software export industry.

What this means for Linux could be great — I mean having the government of the most populous nation on earth pouring resources into the development of Linux is amazing. This should have a real impact on Linux’s development — especially in the Chinese market and other markets in Asia.

On the other hand, it also means that we as Americans are at risk of facing yet another formidable, low-cost competitor in the software and services industry.

Unlike Microsoft Windows, which brings revenues in the end back to the US in dollars, Linux allows countries like China to be much more in control of their own destiny — and dollars. It allows them to grow software industries faster and to keep dollars at home that would otherwise be spent on software made here in America.

If here in America we tie ourselves to Windows (and the innovation rate of a single corporation such as Microsoft) we may find the rest of the world taking up Linux and using it to accelerate innovation collaboratively at a pace even Microsoft can’t keep up with.

Mark Finnern

Related link: http://www.futuresalon.org/2004/03/we_are_on_tomor.html

David Sifry, CEO and founder of Technorati, will present his latest developments at the Future Salon on the SAP Labs Campus in Palo Alto tomorrow, Friday the 19th, 7pm. Event is free and open to the public. [more details].

His Technorati Hacks presentation was one of the best sessions at this year’s O’Reilly Emerging Technology Conference. Don’t believe me? Just read Robert, David, Joi, Jason.

So if you are interested in where it is going with weblog aggregation swing by the Future Salon tomorrow. Sorry for the late notice.

Kevin Bedell

The Center of Open Source & Government (http://www.egovos.org) has named an advisory committee that’s a who’s who of the open source community.

There are representatives from Debian, JBoss, the Linux Community, Python, Apache and a host of others.

If you’re involved at all in Government or know someone who is, they should know about this as a resource. The people on this advisory are available to advise government leaders on issues surrounding open source technologies.

According to their website, “The Government Open Source Advisory Committee is a group of Open Source project leaders who have agreed to help national, state and local government officials understand, use, develop and integrate Open Source projects into civilian and defense government software projects in a professional and respectful manner.”

There are many reasons, of course, why Free/Libre and Open Source Software are good for us as a country. To begin with, government has the same needs for performance, security and low cost that have driven businesses around the world to adopt open source.

But there are other needs as well. For example, it’s imperative that our governments be able to store information in non-proprietary file formats. Some of these files will be archived as government records for years - maybe even generations. What would happen if a single vendor were to patent the ability to access data stored in their proprietary file formats?

Plus, there are proprietary software vendors who are aggressively lobbying governments around America and around the world to give open source a bad name. This organization and these people can help fight the FUD battle.

Andy Oram

I thought of ICANN today when reading about the devolution of the Iraqi Governing Council, which managed to unite for just a moment to approve a constitution with about the half-life of lutetium. ICANN and the IGC: two institutions put in charge of ill-behaved constituencies and stuck in chronic failure mode. Could anything be learned by examining them at arm’s length? Indeed, different as they are, their histories contain several common elements.

  • They were artificially created. In the case of ICANN, the U.S. Commerce Department implemented a hastily assembled and bizarrely structured proposal for a sui generis body in order to put a quick end to the uncertainty surrounding the Domain Name System. In the case of the IGC, the United States and its coalition partners had to make a desperate bid for legitimacy where they had no natural base of support in a country they were invading, partly because of suppression by the dictator Hussein and partly because of the sanctions and other unpopular international anti-Iraqi activities.

  • They had no chance to establish legitimacy among the ruled. ICANN never even managed to establish what its constituency was, and ultimately suffocated its abortive attempt at democracy because two of its most vocal critics were elected to its board. The IGC suffers from the twin blows of being appointed by invaders and seen as short-timers.

  • Their goals are contradictory. ICANN is supposed to promote competition in domain names and to protect trademark interests, the latter goal being most easily satisfied by preserving an artificial scarcity in domain names. The IGC is supposed to enable elections while protecting principles that would probably be overturned by elections, such as minority rights, equality for women, and privatization of oil and other industries.

  • They need to sweet-talk their patron. ICANN goes before the Department of Commerce every year or two with promises to live up to fine language about representativeness in the Memorandum of Understanding it signed with the department. The IGC has to persuade the United States government that it is achieving stability–along with other American goals–in order to achieve the one goal on which nearly all the IGC participants agree, getting the military out.

  • They struggle with constituencies that insist on working outside the system and that challenge their authority. Recent lawsuits involving Verisign and others, along with the challenge that the U.N. gave to ICANN at the World Summit on the Information Society, show that the boundaries of ICANN authority are completely obscure. The IGC, of course, is challenged by very frightening and very bloody violence on a daily basis.

The essential defect underlying all these problems is that each system deals with constituencies that disagree deeply on where the systems are heading.

ICANN will not become effective because there is no clear definition in the area of names and numbers about what effectiveness is, despite claims of interest among all parties for reliability, competition, and so forth. What is a good domain name system? One where names clearly indicate the weight and authority of the owner, as in a trademark? Or where anybody can have a desired domain name and where the names are catchy and evocative?

The IGC will not become effective because, even though most Iraqis seem to value the same things people value everywhere (security in their homes, control over the forces that determine their lives, cultural preservation, and so on) too many forces pull them in different directions. On the role of women, the degree of decentralization for Kurds, and foreign ownership of the economy, just to name three huge questions, they can’t find a common ground–at least a common ground that their occupiers would accept.

Meanwhile, each institution muddles along while accumulating bad decisions and a history that causes observers to hold their noses. We may be stuck with them, though. Perhaps, this weary observer thinks, it’s time to leave them alone and see whether they can limp along to their finish lines–whatever those may be.

Any commonalities?

Related link: http://www.moolenaar.net/habits.html

Just as a friend asks for advice on a text editor for programming, Nat Torkington sent along a link to vim creator Bram Moolenaar on effective text editing. Almost every vim trick I learn saves me much time and trouble later.

These rules deserve translation into other editor dialects. Emacs, pico, nano, BBEdit, joe, and Textpad fans, congregate!

Matthew Langham

Moving commercial developers to Open Source

An increasing number of companies are now adopting Open Source as part of
their development strategy. A subject that is often overlooked is how
corporate software developers see the move towards using software developed
in a community project instead of what they may have written themselves.

Getting developers inside corporations to see the advantages of using
and contributing to Open Source can be a long drawn-out process. I
spend a lot of time talking to large companies in Europe about using
Open Source software inside their enterprise projects and even though
corporate managers can be convinced with a few glossy slides why Open
Source is an advantage for them, getting the developers to catch on is
sometimes not so easy.

There is a lot of FUD when it comes to introducing developers to the
“Open Source way” and it’s important to understand the problems likely
to be encountered.

If it’s free - then what am I worth?

Back in the 90’s most corporate projects were written from scratch and
often “close to magic”. The only people who really knew the software
were the people who actually worked on it. And due to the lack of
documentation - they were doubly important. The value of developers was
measured in “lines-of-code” or in the number of modules they were able
to churn out. So it’s easy to imagine how scared your developer will be
if you suddenly point him to the URL of say an Apache project and state
“it’s all there - and for free. Use that.” Not only does the fog of
outsourcing send shivers up your developer’s spine, now it’s Open Source
too.

Another big problem is fighting the NIH (Not Invented Here) syndrome.
In many cases developers have refused to use an Open Source project for
their work and resorted to writing much of the same functionality
themselves from scratch. Why? Because they think they can do it better
or were unwilling to take the time to look inside the software to
see what makes it tick. A common argument is “I can write it quicker
and better myself than if I try and understand what the other developer
wrote”. While Open Source software is not always well documented (at
least probably not according to your corporate standards), this
argument probably stems more from the fact that the developer is trying
to maintain his perceived value.

An often quoted barrier in getting developers to dive into Open Source
projects is the bouquet of sometimes rudimentary tools the community
uses. Tools that perhaps your developer is not familiar with like CVS,
Maven, Scarab and IRC. Instead of getting dug into using the tools, I
have heard developers start endless discussions about the poor
usability of these tools when compared to the corporate environment they
have been used to for the last 10 years.

Participating in an Open Source community can be a pretty daunting
challenge for a corporate software developer. Even more so if English
doesn’t happen to be your first language. It also pays to remember that
English is probably not the first language of many of the developers in
the project and therefore it is easy to misunderstand the emails -
especially when criticism is given. Due to the time-zone spanning
environment - remember that maybe the person you are emailing may have
just got up - or is just going to bed after 12 or more hours of
coding. As email will be the main channel of communication, think
carefully about what you write and resist the urge to quickly send off a
heated response.

One of the new rules any corporate Open Source developer must learn is that
it’s good to give back. Contributing your own work to the Open Source
development process earns you karma points. This means that the more you are
able to give back – the more you will be able to profit from Open Source
yourself. It doesn’t need to be code. In many cases when Open Source
software is integrated into a corporate environment, the new modules will be
specific to that environment. So it is important to point out that you can
also support the project by giving back things like documentation,
test-cases, bug-reports, deployment statistics, performance measurements
etc. etc.

Getting there

So, what are the rules for getting corporate software developers to work on
Open Source projects? Of course there aren’t really any rules – just some
common sense tips that will ease the transition.

Create win-win situations for your developers by explaining how they can
profit from working on Open Source projects. They can gain visibility and
respect from their peers by working on the project. They can extend their
knowledge by observing how others may be solving problems. They can perhaps
take over a key role in the project and gain visibility in the community.

Provide time for developers to actually work on the project. Understand
that, even though they may not be working on the module you need, they are
not “working for nothing”. Working on the actual project (perhaps fixing a
bug or two) is one of the most important ways of gaining the respect of the
other community members. The pay-back will be there if you need a bug fixing
urgently and someone else jumps in to help. Becoming a major contributor to
the project is also excellent marketing – especially if you happen to be a
software-vendor or consultant yourself.

Any developer getting in an Open Source project will need to adjust
their working schedule to fit the distributed environment and time-zones
of the Open Source projects. Give your developers the flexibility to do
this. Firewalls that don’t let Open Source tools like IRC or Instant
Messaging work are going to prevent your developers from really getting
involved in the communication process.

What about the developers themselves? Well a major point is certainly
getting to know what makes the Open Source project tick. So join the
mailing-lists and lurk for a while. Find out how the project is structured.
Observe how the community interacts, who is the leader and who is led? Read
between the lines to understand the relationships before jumping in. Don’t
be impatient and expect quick answers to problems you may be having with the
software. Perhaps that particular question has been answered several times
already. Check the mailing-list archives first. If you find a bug then
report it – and if possible fix it as well.

Understanding the social aspects of joining an Open Source community will
certainly provide some input for successful participation. Developers from
all over the world meet to work together on a joint project. This allows the
developers to also socialize with people from different countries and
cultures. A natural and important extension of this virtual community is to
meet-up at conferences and get to know one another personally.

And lastly, a tip that is really the easiest way to get the Open Source ball
rolling in your company - get someone in who can talk to the developers
about Open Source. A peer who can alleviate any fears they may have. Forcing
your developers to accept Open Source and “like it” is just not going to
work.

Related link: http://gumstix.superlucidity.net/

Zach Welch has created the first community sponsored site in support of the ‘Stix.’ He has much better photos than mine and lots of information on the kernel and a cleaner Linux distro.

He had Kernel 2.6.4 ready for the Gumstix six hours after release! Way to go Zach!

I showed my Gumstix off last night at Dorkbot (“people doing strange things with electricity”) in San Francisco. There was an Electrical Engineer there from a major company who said that the board was completely modern. “That’s the pitch we use at work.” And with his company that was a strong endorsement.

Everyone also agreed that the daughter board was eminently hackable.

Things are just moving right along!

Disassembling the Gumstix

My initial post on the Gumstix elicited the desired reaction: people gave me information! The way to get fast answers on the net isn’t to ask a question, but to post information that isn’t true.

My friend Adam Flaherty (major creator of the NoCat night light among other feats of techno-coolness) wanted to see the Gumstix. So we got together at Aroma Roasters and drank coffee while prying apart the case and unscrewing things with my Swiss Army knife. What we found, and a quick web search, reveals all sorts of fun potentials.

First a look at the hardware. Taking turns Adam and I were able to pry apart the plastic case. Sadly it was glued together, so it suffered under the onslaught of two caffeinated geeks bearing tools.

Depending on which half of the casing pops off first you will see the back of the daughter board. The silver can popping through the slot on the left side of the bottom is the crystal from the Gumstix. The two chips on the right are the transceivers for the two serial ports. The two clusters of solder blobs on the top right are the back sides of the serial connectors.

The Gumstix and the much larger daughter board are held together with one screw. Removing that with a pocket knife yielded several near misses, and the separation of Gumstix and daughter board. The front of the daughter board reveals the two serial ports (top left), the power connector (the rectangle next to them), the USB connector (top right) and the spring connector to the Gumstix.

Moving to the Gumstix itself we have the MMC memory socket, shown here with a 128 mb MMC card, and some electronics.

Flipping over the Gumstix shows a bunch of interesting chips, and on the far right, the pads that connect to the mother board (or to other devices of your own creation. Cue scary music and maniacal laughter…).

The description of the ‘bare-pad’ connector is available on the Gumstix site. To me the interesting thing is that we appear to have access to the I2C bus. This is a 2 wire bus designed to connect CPU’s and microcontrollers (yes, I know that those are the same except for size…) with various devices, such as LCD displays. Take a look at the connector spec and let me know what I’m missing!

I have more to write about the Gumstix hardware and software tool chain, but I’ll save that for another day. And now, hopefully I’ll be able to put it all back together, otherwise I suppose my Gumstix will become a paper cut on the bleeding edge!

Tell me what I can do with that I2C bus…please?

brian d foy

Related link: http://veta.irowan.com/

Now that I have a Nokia 3650 phone, I get to explore all of the fun toys and software that use Bluetooth.

My latest fun has been Veta Universal, which hooks up with my PowerBook through Romeo. With it I can control various applications and features, such as starting the DVD Player, adjusting the volumes, controlling iTunes, flipping slides in Keynote or PowerPoint (expect to see that at a conference soon), and many other things. All of this and more for $8.

Installation was not as straightforward as it could have been, and the documentation and web site have some room for improvement, but some of that is my unfamiliarity with how the phone does things. This is the first application I have installed on my phone.

It is pretty simple: transfer the Veta file to the phone with Bluetooth File Exchange. For some reason I keep getting a warning that says the phone does not know what to do with the file type, but I ignore that. The file shows up in my incoming messages, and when I open it the phone puts it in the right place with a little prompting (and I just do what it tells me).

This is where I was a bit confused. I started Romeo on my laptop, but it could not find the phone, although I could tell it was attempting a Bluetooth connection. I have to start the Veta application before Romeo can connect to the phone.

If you have not paired your phone with your computer already, you have a few other steps to get this to work.

Romeo has a couple of settings to handle the phone going out of range and coming into range, and it can automatically reconnect (or not). I can even set my open AppleScript commands to run for these events.

I have not had a lot of time to play with Veta yet, but I was hooked in the first few minutes. Now I just have to figure out how to write my own Romeo plug-ins.

Do you use Veta?

Related link: http://www.gumstix.org

The Gumstix computer (also see Gumstix.org) is a tiny 200 or 400 MHz single board computer based on the Intel XScale processors, with Linux Kernel 2.6.0 in flash RAM. They have 64 MB of RAM. You can get your Gumstix as a tiny little board, or a ‘full fledged’ computer. I ordered mine with a 128 MB MMC memory card. So what do you get in a tiny package? A 400 MHz Linux box that will run on 3 AAA batteries.

My goal is to create a small geoannotating computer. I want a general platform to which I can connect arbitrary sensors and other annotation devices and link them with continuous GPS tracklogs. But first things first.

So how do I talk to it? The first challenge is to connect. The Gumstix comes with the console set to ttyS0,115200n8. I ordered a serial cable with my unit. So I was able to connect to power, connect the serial cable to the Waysmall Computer and to a serial port on my Linux box and login to the Waysmall from minicom with only slight troubles (all of them of my own creation!)

From my Linux terminal I started minicom and set parameters:
^A P
set communications parameters to 115200 8N1
^A T
set terminal emulation to ANSI

^A O
selected serial port setup, set hardware flow control to none.

This presented a friendly linux prompt!


# uname -a
Linux gumstix 2.6.3-rc3 #1 Fri Feb 20 11:10:22 PST 2004 armv5tel unknown


Then, following the instructions, I mounted my MMC Card:

mknod /dev/mmcblk0 b 254 1
mkdir /mmc
mount -t vfat /dev/mmcblk0 /mmc

Within /mmc was the file root_fs_arm. So I mounted that with the loopback device:
mount -t ext2 -o loop /mmc/root_fs_arm /mnt

At this point I had a read only file system on / and /mnt. The MMC card contains a reasonably full development environment, while still leaving nearly 60 mb of file system.

# df
Filesystem                Size      Used Available Use% Mounted on
/dev/ram0                 3.9M      1.8M      1.9M  49% /
/dev/mmcblk0            124.7M     66.9M     57.8M  54% /mmc
/dev/loop0               66.5M     49.5M     15.1M  77% /mnt

I decided to test the compiler by writing /mmc/hello.c
Create test.c as:
#include <stdio.h>

int main(void) {
    puts("string");
    return 0;
}

Sadly that barfed. Now I am pretty sure that it is me, and not gcc, that is at fault! But if you have any ideas, please let me know!

# /mnt/usr/bin/arm-linux-gcc  test.c
pgd = c22ac000
[00240224] *pgd=a398a011, *pte=a3b2505f, *ppte=a3b2502b
PC is at 0x228004
LR is at 0x4c13c
pc : [<00228004>]    lr : [<0004c13c>]    Not tainted
sp : 00240000  ip : 00000000  fp : 00000000
r10: 00274bf4  r9 : 00000000  r8 : 00000000
r7 : 00240224  r6 : 002420cc  r5 : 00000000  r4 : 002423d0
r3 : 00000047  r2 : 00000000  r1 : 00240224  r0 : 00000000
Flags: nzCv  IRQs on  FIQs on  Mode USER_32  Segment user
Control: 397F  Table: A22AC000  DAC: 00000015
pgd = c22ac000
[00240224] *pgd=a398a011, *pte=a3b2505f, *ppte=a3b2502b
PC is at 0x228004
LR is at 0x4c13c
pc : [<00228004>]    lr : [<0004c13c>]    Not tainted
sp : 00240000  ip : 00000000  fp : 00000000
r10: 00274bf4  r9 : 00000000  r8 : 00000000
r7 : 00240224  r6 : 002420cc  r5 : 00000000  r4 : 002423d0
r3 : 00000047  r2 : 00000000  r1 : 00240224  r0 : 00000000
Flags: nzCv  IRQs on  FIQs on  Mode USER_32  Segment user
Control: 397F  Table: A22AC000  DAC: 00000015
arm-linux-gcc: Internal error: Segmentation fault (program cc1)
Please submit a full bug report.
See  for instructions.

Someone please help me out!

Andy Lester

I’ve been tech reviewing the second edition of Steve McConnell’s landmark book
Code Complete, due out in June. Bless his heart, he’s got an entire chapter devoted
to good variable naming practices. He touches on, but doesn’t fully
explore, two of the biggest sins in variable naming. Allow me to hop
up on my soapbox.

Bad variables are all over the place.
Usually it will be something like a short variable used for too long, like $n being used for the duration of an entire subroutine. The programmer might as well have been working in
TRS-80 BASIC, where only the first two characters of variable names were
significant, and we had to keep a handwritten lookup chart of names in
a spiral notebook next to the keyboard.


Sometimes you’ll find variables where all vowels have been removed as a shortening technique, instead of simple truncation, so you have $cstmr instead of $cust. I sure hope you don’t have to distinguish the customers from costumers!

There have also been intentionally bad variable names, where the writer
was more interested in being funny than useful. I’ve seen $crap
as a loop variable, and a colleague tells of overhauling
old code with a function called THE_LONE_RANGER_RIDES_AGAIN().
That’s not the type of bad variable name I mean.

Variable naming conventions can often turn into a religious war, but
I’m entirely confident when I declare The World’s Worst Variable Name to be:

$data

Of course it’s data! That’s what variables contain! That’s all they
ever can contain. It’s like you’re packing up your belongings to move to
a new house, and on the side of the box you write, in big black marker,
“matter.”

Even if it’s a function pointer, it’s data that tells the language what
function to run. Even if it’s undef or NULL, that the variable
contains that value is significant in itself.

Variables should say what type of data they hold. Asking the question
“what kind” is an easy way to enhance your variable naming. I once saw
$data used when reading a record from a database table. The code
was something like:

    $data = read_record();
    print "ID = ", $data["CUSTOMER_ID"];

Asking the question “what kind of $data” turns up immediate ideas
for renaming. $record would be a good start. $customer_record
would be better still.

I promised the two worst variable names, and I feel no fear of
disagreement as I declare The World’s Second Worst Variable Name to be:

$data2

More generally, any variable that relies on a numeral to distinguish it from a similar
variable needs to be refactored, immediately. Usually, you’ll see it like this:

    $total = $price * $qty;
    $total2 = $total - $discount;
    $total2 += $total * $taxrate;
    $total3 = $purchase_order_value + $available_credit;
    if ( $total2 < $total3 ) {
        print "You can't afford this order.";
    }

You can see this as an archaeological dig through the code.
At one point, the code only figured out the total cost of the order,
$total. If that’s all the code does, then $total is a fine name.
Unfortunately, someone came along later, added code for handling discounts
and tax rate, and took the lazy way out by putting it in $total2.
Finally, someone added some checking against the total that the user
can pay and named it $total3.

The real killer in this chunk of code is that if statement:

    if ( $total2 < $total3 )

You can’t read that without going back to figure out how it was
calculated. You have to look back up above to keep track of what’s what.

If you’re faced with naming something $total2, change the existing
name to something more specific. Spend the five minutes to name the
variables appropriately. This level of refactoring is one of the easiest,
cheapest and safest forms of refactoring you can have, especially if
the naming is confined to a single subroutine.

Let’s do a simple search-and-replace on the coding horror above:

    $order_total = $price * $qty;
    $payable_total = $order_total - $discount;
    $payable_total += $order_total * $taxrate;
    $available_funds = $purchase_order_value + $available_credit;
    if ( $payable_total < $available_funds ) {
        print "You can't afford this order.";
    }

The only thing that changed was the variable names, and already it’s
much easier to read. Now there’s no ambiguity as to what each of the
_total variables means. And look what we found: The comparison in
the if statement was reversed. Effective naming makes it obvious.

There is one exception to the rule that all variables ending with numerals are bad. If the entity itself is named with a number, then keep that as part of the name. A variable for the road running through town would be just fine as $route31. It would be silly to rename it as $route_thirty_one.



Finally, remember that all of these rules apply to subroutine and file naming as well. We often don’t spend enough time considering file names, but that’s a rant for another day.

What other naming sins drive you crazy?

Chris Shiflett

O'Reilly Open Source Convention.

I will be giving three talks at OSCON this year: two sessions and a tutorial.
They’re all focused on PHP security in one way or another, and I’m very happy
that O’Reilly is giving this topic so much attention. I’m including the descriptions
below, although the exact outline of the tutorial (PHP Security) is
subject to change.

Securing PHP Sessions

PHP’s native session mechanism provides Web developers with all the tools
they need to create stateful PHP applications. In this talk, I will
explain how to take this one step further and secure your sessions to help
complicate impersonation as well as defend against various types of attacks.

By taking a detailed look at the HTTP transactions that take place as
users interact with a Web application, you will gain important insight into
the challenge of maintaining state. You will learn how to identify patterns
in a Web browser’s requests to create a virtual fingerprint as well as how
to leverage multiple identifiers.

Beginning with the most basic example of implementing sessions with PHP,
you are shown exactly what is required to impersonate a user. This basic
example is strengthened as the talk continues by introducing a few different
techniques. As each technique is introduced and explained, the resulting
user experience is contrasted with a sample attack required to
impersonate the user. By the end, you should have a much clearer
understanding of sessions and walk away with some useful techniques that you can
implement in your own applications.

Foiling Cross-Site Attacks

PHP is quickly becoming the world’s most popular programming language for
creating Web applications. As more and more applications are being built
for the Web, security is becoming a crucial topic. One of the best methods
you can use to educate yourself about PHP security is to study the various
types of attacks that you must defend against.

This talk introduces two of the most common types of attacks that current
Web developers face, Cross-Site Scripting (XSS) and Cross-Site Request
Forgeries (CSRF). Because XSS involves exploiting the trust granted to a
particular Web site and CSRF involves exploiting the trust granted to a
particular user, these two example attacks will help demonstrate a wide
variety of application-based attacks.

By using examples that illustrate exactly how these types of attacks are
accomplished, you are shown simple and effective techniques that you can
use to help prevent such vulnerabilities in your own PHP applications.

PHP Security

This is just a preliminary outline. I am basically choosing a focused
selection of topics from my upcoming book, PHP Security.

  1. Overview
    What Is Security?
    Register Globals
    Data Filtering
    Error Reporting
  2. Form Processing
    Spoofed Form Submissions
    Spoofed HTTP Requests
    Cross-Site Attacks
  3. Databases and SQL
    Exposed Access Credentials
    SQL Injection
  4. Sessions
    Session Fixation
    Session Hijacking
  5. Shared Hosts
    Exposed Session Data
    Browsing the Filesystem
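
An added example, not taken from the talks or from the post's author: one way to implement the "virtual fingerprint" and "multiple identifiers" ideas from the Securing PHP Sessions abstract above, with a note on where session-ID regeneration (the defense for the Session Fixation item in the outline) belongs. The function names, the choice of headers, and the sample requests are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Headers folded into the fingerprint (an assumption of this example). Pick
// headers that stay constant for one browser across every request it makes.
const FINGERPRINT_HEADERS = ['HTTP_USER_AGENT', 'HTTP_ACCEPT_LANGUAGE'];

/** Keyed hash of the chosen request headers; the key never leaves the server. */
function request_fingerprint(array $server, string $key): string
{
    $parts = [];
    foreach (FINGERPRINT_HEADERS as $name) {
        $parts[] = $name . '=' . ($server[$name] ?? '');
    }
    return hash_hmac('sha256', implode("\n", $parts), $key);
}

/**
 * Call at login. Records the fingerprint and issues a second identifier that
 * the client must return separately from the session ID (for example in a
 * second cookie). Returns that token.
 */
function bind_session(array &$session, array $server, string $key): string
{
    // In a real request, also call session_regenerate_id(true) here so that
    // an ID fixed before login is worthless afterwards.
    $session['fingerprint'] = request_fingerprint($server, $key);
    $session['token'] = bin2hex(random_bytes(16));
    return $session['token'];
}

/** True only if both the fingerprint and the second identifier match. */
function session_is_consistent(array $session, array $server, ?string $token, string $key): bool
{
    if (!isset($session['fingerprint'], $session['token']) || $token === null) {
        return false;
    }
    // hash_equals() compares in constant time.
    $fingerprintOk = hash_equals($session['fingerprint'], request_fingerprint($server, $key));
    $tokenOk = hash_equals($session['token'], $token);
    return $fingerprintOk && $tokenOk;
}

// --- Constructed sample data; run with `php example.php` ---
$key = 'constructed-demo-key';   // placeholder; load a real key from server config
$session = [];                   // stands in for $_SESSION
$browser = [                     // stands in for $_SERVER
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux i686) ExampleBrowser/1.0',
    'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
];
$token = bind_session($session, $browser, $key);

// Same session data, but the request arrives with a different User-Agent.
$otherClient = ['HTTP_USER_AGENT' => 'OtherClient/2.0'] + $browser;

$cases = [
    'same browser, token returned' => [$browser, $token],
    'same session ID, different headers' => [$otherClient, $token],
    'matching headers, token missing' => [$browser, null],
];
foreach ($cases as $label => [$server, $presented]) {
    $ok = session_is_consistent($session, $server, $presented, $key);
    printf("%-36s %s\n", $label, $ok ? 'accept' : 'reject: re-authenticate');
}
```

Request headers are supplied by the client, so a fingerprint check complicates impersonation rather than preventing it; a mismatch is best handled by prompting for the password again, since a legitimate user can answer that prompt.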

Chris DiBona

Related link: http://www.opensource.org/halloween/halloween10.html

In the most recent Halloween document, it appears that Microsoft might have funded SCO’s little attack on Linux to the tune of some $86 million dollars. First of all, can we call this a Casimir Pulaski Document as it is falling on Casimir Pulaski’s day, a holiday in the state of Illinois? 10 Halloween documents, and not all that many fall on that one day. That said…


Microsoft is spending money to come after Linux. I don’t want to downplay the importance of this, but… what of it? They will come after Linux with every weapon in their monopolist arsenal including but not limited to:



    Monopoly control of the server and desktop vendors

    Lawyers of every stripe and morality (or lack thereof)

    New and compelling applications (they got ‘em, don’t fool yourself that this isn’t their most potent of weapons)

    Their vast army of salespeople and marketers.

    The ability to create and pass favorable legislation for themselves.

    The ability to create and pass harmful legislation against their enemies.



In short, the kind of action described in the recent Casimir (You know, the Polish “Father of the Cavalry”?) document shouldn’t come as a surprise to anyone (and likely doesn’t!). The only surprise that accompanied its release is that this is the first we’re hearing of it and that more underhanded attacks on Linux aren’t out in the open.


Look at what they’re up against with the Free Software world… hundreds of thousands of developers, even more enthusiasts acting as an informal marketing team, enormous companies like IBM and the rest with a vested interest in the success of Linux. They have a competitor who can truly hurt them now. I’m not trying to evoke sympathy for them, mind you, but it’s not like we’re in the wrong weight class.


A ballpark figure that ESR bandies about in the document is around $100m dollars. I’d be willing to bet that an even billion has been set aside. I don’t want to speculate on what it has been spent on; I would rather hear from you what you think they’re writing the checks for today? What should we anticipate tomorrow?


And one last postscript: I gotta wonder... is this the best Microsoft can do with $100m?

Well, what did you expect from Microsoft? Flowers and candy?


Related link: http://www.cio.com/archive/030104/open.html

CIO.com has a good article about myths of open source in business. The anecdotes of several companies who use OSS successfully pepper the story very effectively. (Thanks to Dan York for the link.)

Andy Oram


Richard Stallman led the way for decades with his twin calls for
“information freedom” and the “right to share.” And for decades the
campaign was seen as idiosyncratic and marginal. Only during the past five
years–with the triumph of open source, the passage and abuse of the
DMCA, and the popularity of peer-to-peer–have large numbers of people
seen the link between information and the right to lead modern lives
in the way we like.

And still it seems quixotic to call for free software in government
and other public fora. The movement remains on the fringe.

Perceptions and mores can change fast, though. This occurred to me as
I researched the gay marriage issue, which was not spawned in
Massachusetts but received its biggest boost to date here, with a
Supreme Judicial Court ruling on November 18 and a circus-like legislative
session in mid-February where defenders of gay rights amazingly beat
back a hastily organized reaction. The sudden notoriety of this issue
in an election year can distract us from the realization that this is
history in the making.

Like the free software movement, the movement for gay marriage started
literally on the fringes of the country. Hawaii and Vermont? Perfectly
nice places, but who would expect the rest of America to follow their
lead? (Or the Netherlands, which already bore the shame of sane
policies toward marijuana use.) Now that the gay marriage genie is
out of the bottle, and spreading to San Francisco and other cities,
putting it back will be more of a task than taking a morning-after
pill.

To advance civil rights, the Supreme Judicial Court created the odd
doctrine that the right of gays and lesbians to marry had always been
in the Massachusetts Constitution. By their legal arguments, had two
women walked into Boston City Hall in 1780 and demanded a marriage
certificate, the black-suited inheritors of Cotton Mather’s and
Jonathan Edwards’s traditions would have been obliged to dip their
quill pens in ink forthwith.

But this is not a case of “activist judges,” as claimed by George
W. Bush (the most shameless manipulator of politics on the judicial
bench) but of a shift in public awareness that is tangible and
real. As a speaker pointed out at a forum on marriage I attended this
week, historians in a couple decades will judge our approach to gay
marriage the way we judge the black civil rights movement. The speaker
told us to ask our state legislators, “Would you like to come off as
Strom Thurmond or as Bobby Kennedy?” In the wake of the Massachusetts
court ruling, millions of gays and lesbians and their supporters are
suddenly asking, “Why not?”

So what does all this have to say about government and public uses of
software? The status quo here–that the vast majority of people cannot
see the source code of the software they use every day–is an
incomparably recent and superficial tradition, compared to that of
heterosexual-only marriage. As Bill Joy likes to point out, early
programmers came from an academic tradition and published their code
as a matter of course, just like other research results.

In a country obsessed with proprietary ownership of information
(witness the recent re-introduction of a bill protecting databases, an
issue I treated at length in another article),
it’s natural to encounter a visceral resistance to free software, just
as there’s a visceral resistance among the public to applying the
concept “marriage” to gay relationships that are pretty much
mainstream. But in both cases, the trend is inevitable and public
opinion is likely to shift quickly.

Companies certainly have a right to keep source code secret (and let
us not forget that copyright is the legal and traditional basis of all
free software licenses, including the GPL). But the powerful arguments
for introducing free software into government institutions, where
feasible, are growing louder and louder.

We argue about costs and security and support, but what about rights?
If free software in public agencies was redefined as a right, the
debate would change radically–and it soon might.

The biggest no-brainer argument for free software comes in the area of
voting machines. The myriad requirements for traceability and
anonymity probably make it impossible ever to have secure,
software-only voting machines. But whatever equipment we have should
be open to a full software accounting. Otherwise, elections would be
just as crooked as if poll monitors were excluded from vote-counting.

In other areas of government, too, the realization is spreading that
open is better. Munich and Extremadura, along with a few other
localities and agencies, are leading the way. All we need is a raft of
stories about how somebody spent $500 and fixed a bug that was holding
up public services, or how easy it was to switch support contracts.

Then the inkling of the early free software proponents will turn into
a rushing tide. Arguments against software freedom in systems the
public depends on will be thrust aside. Government services and open
source software will become almost synonymous.

When is it useful to talk of rights?

brian d foy


Related link: http://www.fila.com/feature.jhtml?contentId=76500008&section=running

I started running about two years ago because I somehow got it into my head that I wanted to run a 10K, perhaps to cross it off the list of things I need to do in life.

If I wore a sports watch while running, not only did it irritate my wrist, but I could not really look at it while in full stride. Either the display was too small to let me figure out the numbers as it bounced around, or I had to fumble with buttons to get the display I wanted.

That watch died one day in Fallujah (I guess water-resistant can mean just about anything), so I want to get another one when I get back to the States. Fila Finger Watch looks like it was made by runners for runners—it has a large digital display and you wear it on your finger, so it is usually already angled towards your eyes. Technology and design in the same product. Beautiful.

I also saw a USB thumb device that was an MP3 player. Plug it into your computer to load it up with 16 hours of music, then plug it into its little holder that is even smaller than the micro-sized sports radios I have seen. Too bad I do not listen to music when I run, or I might have wanted that too.

What technology do you use when you exercise?

brian d foy


Related link: http://www.spambouncer.org

I have mostly been away from my Unix account on PANIX, so I have not been irritated by all of the spam that has shown up in my inbox. After the MyDoom incident, I started to get a lot of it. I think the spammers must have made a slight jump ahead in the arms race. Now they purposely misspell words and construct much more natural looking messages. After a quick download, I no longer have to see those messages.

Every time I get a surge of spam in my inbox, I simply update my SpamBouncer filters. It uses procmail behind the scenes, and the author, Catherine Hampton, updates everything religiously. I do not have to fool with anything. Indeed, I could update everything with a cron job if I were motivated enough to take the five minutes to set it up.

As far as I know she has never asked for anything in return, and everything is available under the Free Software Foundation’s COPYING principles (which seems a little more vague than being licensed as such). Hooray for open source and huzzah for community!

Jono Bacon


Music is a big thing in my life. I have been a fan of music since I was a child, and I have also turned my interest in these songs into creating my own original songs. After many years of practice and determined effort I have learned how to play guitar, drums, bass, piano and sing. I apply the result of my practice in my compositional pieces that I record in my home studio, and I also play in a band that I formed called Seraphidian. Anyway, I can see your eyes glazing over so I will get on with it.

Recently some pals and I from Wolverhampton Linux User Group decided to set up a radio show that would basically revolve around the kind of discussion at LUG meetings. This discussion is typically loose, humorous and sarcastic and we wanted to bring this kind of banter to the net so others can have a listen. After about 10 months of lethargy, planning, house moves and sheer laziness we pulled our collective finger out and created our new baby, LUGRadio.

After we recorded our first episode in my little home studio, we released our debut recording to the Internet in OGG and MP3 formats under the Creative Commons Attribution-NoDerivs-NonCommercial 1.0 license. We chose this license for a few reasons. First, we wanted to ensure that our recordings were available freely and could indeed be downloaded freely. Second, we wanted to ensure that people knew that it was us who recorded the show as LUGRadio is an ongoing project. Thirdly, we wanted to ensure that our broadcasts are free but can be used commercially with written permission. Finally, we wanted to ensure that our recordings were not modified in any way so as to preserve the context and measure of the show. We settled on this license and that was that.

When we released our first episode into the wilderness we got a lot of very positive responses from people across the world, and a mind boggling set of statistics for downloads. A lot of people downloaded the first episode and we were, well, surprised to say the least. Out of the list of emails that we were getting for the show one of them stuck out in particular. This particular email questioned why we had chosen a license that the writer deemed non-free by his account. The writer felt that we were not releasing a truly free broadcast due to the fact that we do not allow commercial use of the show without written permission, and that we do not allow people to edit the show. This got me thinking. Is our licensing structure free? Are we choosing the best license for the show based upon the balance of ensuring clarity and consistency, but also preserving free distribution?

In my view this individual is wrong. Freedom is a word that can be defined on so many different levels. Although this guy is questioning the freedoms of the listener, he does not seem to question the freedoms of the artist. When we created LUGRadio, we were essentially stepping into roles as artists. We created a piece that was released and meant to be heard as a piece. We do not really want people to hear snippets of the show, as the broadcast as a whole will not be in context. The whole point of radio, TV or other broadcast episodes is that they are intended as a whole. If we had plumped for the kind of free license that enables the rights that this individual requires, our radio show could be chopped into pieces and distributed in parts and not necessarily as the whole. To me this undermines our rights as the artists who created the work, and our artistic vision.

Let us take an example here. Many of you reading this will love Star Wars. Do we have the right to demand that George Lucas uses a free license on his films so that we can choose the ending that we deem correct? Should we be allowed to adjust the ending of The Lord Of The Rings? Is it fair to deny an artist a right to create a piece of art that is to be released and enjoyed in the way that it was intended?

Freedom has a limit at some point. That is a sentence that I hate to write because I believe in freedom so much. I believe that code should be free, that ideas should be free and that we should all live in a free society where we can pursue our individual potential as a community. This is one of the many reasons why I am a free software advocate. It does seem however that there is a conflict of interest between art and freedom if this requirement for modification is demanded for the piece to be truly free. Although admittedly we would still be able to release our full unedited version on the Internet, and this could be perceived as our right, I don’t think it is unreasonable to produce a work of creativity that we want to be heard in the way it was intended. People can still listen to it and distribute it freely so what is the issue?

The issue in my mind is that a software license is being applied in a context where a software license is not always applicable. Free and open source software is comprised of a medium that is used to create a final product, and the source code is the true product of open source free software, not the compiled binary that is released. The reason why open source free software has such potential is that the materials used to build the final consumer product (the source code) are licensed in a way that allows them to be modified and expanded. This is highly reasonable and practical due to the fact that software is generally intended to be improved and modified. There are few software applications that are released as works of art. Typically software applications are tools that are intended to be used to perform a function or activity. It is therefore sensible and reasonable to release the source code under a free license that involves freedom of distribution and indeed modification to foster these improvements.

What we need to bear in mind however is that an audio piece such as ours cannot be compared in such a way. Firstly, the final recorded output of our show is the equivalent of a binary compiled from an application. We recorded our source material to a PC and then I edited it all together. If our show was to be open sourced therefore, the source audio content would need to be made available. Even then, surely that is still the binary equivalent of the recording process. The digitally recorded source material is merely the product of our true source material - our thoughts, discussion, comment and sarcasm that was recorded to the PC in the first place. Does this even truer level of freedom mean that everything we say on the show should be open to modification and improvement? Of course not. This is ludicrous. As we can see, freedom can only be taken so far practically. This definition of so far is of course open to scrutiny. One person’s idea of freedom is just giving away pre-compiled software and another person’s idea is removing the locks from their doors and inviting everyone into their house.

I believe LUGRadio is free. This show is free because we have developed a piece of creative art that we are giving away freely to the world. We have worked hard to pull together our collective ideas and present them in a show that not only seems interesting to listen to (from our initial feedback) but is also made available freely on the Internet. Protecting this freedom of distribution has meant many late nights and concerted efforts to set up the website, forums, mirrors and other services. LUGRadio has also been a true example of how a community has pulled together to keep something going. We have had generous contributions of mirrors, resources and suggestions from all four corners of the earth. This is indeed freedom and community on display.

So what do you think? Are we right, wrong or will people never agree? Scribe your thoughts below…

brian d foy


When I first started playing around with my Nokia 3650 camera phone, I did not know when it actually took the picture, and my results were blurry. The camera is supposed to make an audible shutter-click noise, but one of the first things I did with my new phone is turn off any and all sounds. I never hear the shutter click.

I took this photo on one of our missions to a local school, where swarms of Iraqi kids wanted us to “flash” their photo. I think these two kids’ names are both Mohammed, although around here they stress the second syllable rather than the first, so it comes out as “Hamid” to my western ears. I tell them my name is Mike Tyson.

image

I have only reduced the dimensions by half and added a black border. The rest, including color and brightness, is straight from the camera.

I transferred the photo to my computer even before I saw my computer. Once we parked our vehicle, grabbed our gear, and started walking towards my tent, I was making a Bluetooth connection (although I have to leave the display up to make that work). Bluetooth has been absolutely lovely, and I am glad I did not decide to go without.
