News: ( Print )

I just wanted to say thanks to IBM for Open Sourcing Cloudscape .

You guys really have your act together. Keep up the good work!

Today Jonathan Moore and I headed over to LinuxWorld after lunch to see what kind of cool hardware and Linux hacks they had on the expo floor.

Only $15 to get in the door so I figure why not.

I'm a bit of a privacy freak. When you're trading some security for liberty there are situations where it might be worth it. In situations of extreme violence having the police by your side might be a good idea.

I think we can all agree that trading liberty for nothing isn't worth it. This country was *founded* on liberty after the British were abusing their colonial powers. Every true American should cherish their liberty and think long and hard about just turning them over for no reason.

That said, I decided I didn't want to give LinuxWorld my ID when I just wanted to walk around the show room floor.

I just wanted to walk in, give them cash, get a badge, and explore the show room.

Not so fast. They won't let me on the show room floor without ID.

When I asked why they mentioned it was for "security reasons." How in the world could it be for security reasons? Its not like they're doing a background check on all registrations. All of the 911 terrorists had valid IDs!

Their real agenda is to build a database so that they can spam members and sell the database of LinuxWorld users to other companies.

This country is turning into a police state. More and more places are starting to require that I hand over my bags or submit to a search upon leaving the premise.

CompUSA on the corner of Market and 3rd on SF requires that everyone submit to a bag search upon leaving the building. Of course I tell them I'm not going to submit to an unconstitutional bag search and they point to the EULA I agreed to when I walk in the building which essentially says:

"By entering CompUSA you agree to have your bad searched when leaving."

... or words to that effect.

I'm not a terrorist. I'm not a criminal! I refuse to be treated like one when I'm trying to patronize your store!

LinuxWorld is a perfect example. I'm in a position to recommend hardware to a number of companies. These contracts usually are greater than $20k. I was specifically going to talk to IBM about some of their 1U rack mount servers (thinking about migrating away from Dell).

Obviously thats not going to happen now.

I'm starting to realize that my blog is a bit of a time machine. For example I can create a blog entry to warn myself about something that WILL happen in the future.

My current NTP blog entry is a good example. I wrote this for myself as much as for the people who read my blog (or find me via Google).

I know for sure that NTP on Debian is going to bite me sometime in the future and I'm going to forget WHY. Then I'm going to (of course) go to Google or my aggregator and search for NTP and then find my blog post.

I've done this about a dozen times now and its saved me a TON of time!

The Network Time Daemon (NTP Daemon) implementation within Debian leaves a lot to be desired.

First off they don't include it with a working config. You have to create your own /etc/ntpd.conf. To make matters worse the configuration doesn't accept DNS names so you have to manually enter IPs. Fun. I can understand that they might not want to provide ONE configuration and overwhelm one or two NTP servers but they can provide a dynamic config that balances load among all available servers. There is of course the public serves list but you have to Google for it.

All you really need to do here is enter a list of servers:

server time.nist.gov

server 192.43.244.18

Note that it will complain that time.nist.gov is invalid. I added this in the hope that they will start providing DNS name support.

As of Debian testing the command 'ntptimeset' has been removed and I believe replaced with just a standard 'ntpd'. In order to have it reload your time once you update the configuration file you just restart the daemon.

The package naming is also a bit confusing. Most systems should just install 'ntp-simple'.

Don't get me wrong. I love Debian. If anything this is constructive criticism. I just expect more from my distribution.

Sven Jaschan, self-confessed author of the Netsky and Sasser viruses, is responsible for 70 percent of virus infections in 2004, according to a six-month virus roundup published Wednesday by antivirus company Sophos.

The 18-year-old Jaschan was taken into custody in Germany in May by police who said he had admitted programming both the Netsky and Sasser worms, something experts at Microsoft confirmed. (A Microsoft antivirus reward program led to the teenager's arrest.) During the five months preceding Jaschan's capture, there were at least 25 variants of Netsky and one of the port-scanning network worm Sasser.

Graham Cluley, senior technology consultant at Sophos, said it was staggering that one person could be responsible for so many infections. Richard Starnes, president of security industry group ISSA UK, was also impressed: "Is he going to put this on his CV?" he asked.

... and this is why we can't win the war on terrorism.

This isn't as much a criticism of the Bush administration as it is pessimism for the future of humanity.

When this much power is in the hands of one individual, and its distributed, we have a problem.

The Unabomber Manifesto goes into this in depth (the man might be insane but he has a point). Can we as a society move forward with our technological progress without destroying the planet?

I don't know but I sure hope so.

I've been a big fan of Log4J for a while now but haven't migrated any code over for one central reason. The following line of code:

final static Logger logger = Logger.getLogger( "some.name" );

... is amazingly ugly and difficult to work with.

Most people use Log4J with a logger based on the classname:

So we would probably see:

static Logger logger = Logger.getLogger( "org.apache.commons.feedparser.locate.FeedLocator" );

Which is amazingly verbose. A lot of developers shorten this to:

static Logger logger = Logger.getLogger( FeedLocator.class );

But this still leaves us with cut and paste errors.

What if we could just reduce it to:

static Logger logger = Logger.getLogger();

Impossibe you say! We wouldn't have the classname so we can't use any filters!

Wrong... The java.lang.Exception stacktrace can provide us with the hint we need. The method body would be simple:

Exception e = new Exception();

String category = e.getStackTrace()[1].getClassName();

return Logger.getLogger( category );

Now of course the Exception class could be a bottleneck but the key point here is that this only gets called once per class in the system. Even if ALL your code was using a Logger your system would still bootup in less than a second.

For the added flexibility and reduction in code verbosity and management I think its worth it.

(CNN) -- A longtime associate of al Qaeda leader Osama bin Laden surrendered to Saudi Arabian officials Tuesday, a Saudi Interior Ministry official said.

But it is unclear what role, if any, Khaled al-Harbi may have had in any terror attacks because no public charges have been filed against him.

The Saudi government -- in a statement released by its embassy in Washington -- called al-Harbi's surrender "the latest direct result" of its limited, one-month offer of leniency to terror suspects.

This is great! I hope this really starts to pay off. Creative solutions to terrorism that don't involve violence.

How refreshing!

Are you paying attention Bush administration?

http://www.cnn.com/2004/WORLD/meast/07/13/binladen.aide/

FOAF/LOAF and bloom filters have a lot of interesting properties for social network and whitelist distribution.

I think we can go one level higher though and include GPG/OpenPGP key fingerpring distribution in the FOAF file for simple web-of-trust based key distribution.

What if we used FOAF and included the PGP key fingerprint(s) for identities? This could mean a lot. You include the PGP key fingerprints within the FOAF file of your direct friends and then include a bloom filter of the PGP key fingerprints of your entire whitelist (the source FOAF file would of course need to be encrypted ).

Your whitelist would be populated from the social network as your client discovered new identities and keys and would be distributed in your bloom filter included in your FOAF. You could create direct friends and then a graph of trust relationships directly outside to 2 degrees of transitivity stored in the bloom.

This would essentially enable transparennt key distribution with a low probability of a MITM attack and without any central PKI infrastructure (bye bye Verisign!).

Now imagine your applications have transparent support for using your FOAFKey store. You're at ETech and your ZeroConf install noticed an advertised FOAFKey files on the network. You fetch the FOAFKey file because its advertised as being on your whitelist. This allows you to automatically discover new keys and extend your whitelist. Since FOAF files are available via URLs you can periodically aggregate them and import them into your social network. You can of course do the same within with BlueFOAF if it were extended to support this.

You now have a SPAM-free whitelist, social networking capabilities, full encryption and key distribution capabilities without any MITM attacks (or at least a low probability that even Ashcroft could break in if done correctly). All of this could be bootstrapped off a few manual key verifications.

This could go a LONG way to yielding secure key distribution and totally pervasive crypto and secure communications channels everywhere. The real reason PGP didn't take off was because it wasn't easy. FOAF and social networking could be both easy and FUN! Imagine IM and chat programs having support for this. If this were an OS level feature or an OSS stdlib then applications like Mozilla, Evolution, GAIM, etc could add support and incorporate security and social networking capabilities.

SUPPLEMENTAL: // created on 2004-07-05T11:43:25:00-07

Just wanted to clarify a few things.

The PGP public key itself isn't included in the foaf just your fingerprint and those of your friends. The real key is fetched from a public key server.

SUPPLEMENTAL: // created on 2004-07-06T18:19:24:00-07

NOTE: I wanted to fact check this post to see if there is prior art out there but I don't think it is. Excuse my laziness but I have the flu right now :)

For some reason I never released this code.

I developed it while working on NewsMonster and just forgot I think

It's an extension for Mozilla that allows you to see all runtime exceptions (with full stack traces) that are unhandled by Mozilla.

Just install it and if your code generates an unhandled exception it will show up in the logs and on the console.

Very handy for doing any hardcore Mozilla development.

http://peerfear.org/download/mexception.tar.gz http://peerfear.org/download/mexception.xpi

Now that the country is awash in Reagan nostalgia, some observers are predicting that you will enter politics. Would you like to be president of the United States?

I would be unelectable. I'm an atheist. As we all know, that is something people won't accept.

What would you do if Senator Kerry asked you to be his vice president?

I would question his sanity.

Do you ever go to church?

No. I visit my wife's sangha.

So you sometimes practice Buddhism?

I don't claim anything. But my sympathies would be in that direction. I admire the fact that the central core of Buddhist teaching involves mindfulness and loving kindness and compassion.

So lets get this straight. He's an athiest who's sympathetic to Buddhism, hates Bush, is frustrated with politics, and thinks Dick Cheney's isn't a "mindful human being" (which is a very Zen way of saying he's a jerk).

I like this guy! He's my kinda Regan!

RIYADH, Saudi Arabia (CNN) -- One of Saudi Arabia's most wanted militants has turned himself into the authorities, the first senior suspect to surrender under a one-month government amnesty announced last week.

Othman Al-Omari, number 19 on Saudi Arabia's most wanted list of 26, accepted King Fahd's offer of amnesty, which was made last week, according to Saudi sources Monday.

Al-Omari, who turned himself in on Sunday night, was a business partner of Shaban Al Shihri -- the first al Qaeda member to accept the offer when he turned himself in Friday.

http://www.cnn.com/2004/WORLD/meast/06/28/saudi.omari/

When I first saw this I was really upset. I thought that it would certainly lead to more violence if they just let terrorists off the hook.

Now thinking about it some more maybe this is a brilliant idea!

First off it's a creative solution to the problem of terrorism. I don't subscribe to the theory that more violence is the solution to violence (IE the Bush Doctrine).

All you have to do is get a few terrorists to surrender (and have them cooperate) to take down the rest and learn a LOT about your enemy.

Torture obviously doesn't work and in this situation. You can torture a prisoner all you want and he won't give you the information you want.

Time will tell if this strategy works. Once you know the identity of a terrorist you could essentially have him under house arrest for the rest of his life.

BAGHDAD, Iraq (CNN) -- Members of Iraq's interim government took an oath of office Monday just hours after the United States returned the nation's sovereignty, two days ahead of schedule.

Led by Iraq's interim Prime Minister Ayad Allawi, each member of the new government placed a hand on the Koran and promised to serve with sincerity and impartiality. Iraqi flags lined the wall behind them.

Iraq! Now with 100% less Coalition Provisional Authority! Act now and get a free Weapon of Mass Destruction (offer only available in Syria, Jordan, Saudi Arabia, Pakistan, Syria and Iran).

Also check out our new Puppet Government! Keeps the kids occupied for hours!

http://www.cnn.com/2004/WORLD/meast/06/28/iraq.handover/

SUN has announced that Java3D will be released in a different manner than any other SUN project in existence.

We announce the availability of the source code for the Java 3D API on java.net. We are involving developers in the evolution of the Java 3D API. Come join the Java 3D projects on java.net, and download the source code for the core Java 3D API, vecmath, the Java 3D core utilities, and the Java 3D program examples.

The key thing here is that they have provided the core utils under a BSD license and even have the CVS available .

Good job SUN! You're headed in the right direction!

Here's the only problem:

We are releasing the source code for the j3d-core and vecmath projects under separate research and commercial license. The research license is the Java Research License (JRL). The commercial license is the Java Distribution License (JDL), a no-fee license that allows a vendor to ship a compatible version of Java 3D with or without modification.

The majority of the code is still proprietary and under a non OSI-approved license .

Specifically the following clauses:

A. License Grant. Subject to the conditions contained herein, Sun grants to You a non-exclusive, non-transferable, worldwide, and royalty-free license to do the following for Your Research Use only

and

B. Residual Rights. You may use any information in intangible form that you remember after accessing the Technology, except when such use violates Sun's copyrights or patent rights.

... which is a bit confusing. How am I supposed to know everything that SUN has every copyrighted or patented.

I think I'll keep this as source under glass for right now and won't be contributing to Java3D a all.

I really hope SUN doesn't Open Source Java at JavaOne this year. It would be a terrible decision and seriously hurt the tech industry. Also, it would hurt SUN and I'm sure their responsible enough to realize this.

(Lets hope that works!)

A few days ago Kerry sent around this ad:

Yesterday, the Bush-Cheney campaign, losing any last sense of decency, placed a disgusting ad called "The Faces of John Kerry's Democratic Party" as the main feature on its website. Bizarrely, and without explanation, the ad places Adolf Hitler among those faces.

The Bush-Cheney campaign must pull this ad off of its website. The use of Adolf Hitler by any campaign, politician or party is simply wrong.

Which of course is a mistake. I went and downloaded the video (which is just stupid btw. Not a masterpiece by any means.) and there are shots of Hitler in there, but only from the MoveOn contest from a few months back.

Here's the problem. The Kerry campaign just screwed up with their criticism of the Bush administration.

The real criticism is that the Bush administration is still using this pathetic excuse for a controversy. This video was uploaded to MoveOn for a few hours during an *open* contest with the public. They removed it soon after.

The real problem with the video is that they take sections of speeches made by leading Democrats when they are clearly angry (they have the right to be) and splice them together to make us sound like raging lunatics.

They even go so low as to include Dean. I'm sorry but aren't you running against Kerry? This might be a better use of your time.

... and of course we have people that pick up on this mistake and run with it:

I'm not sure whether this is malice or incompetence on the part of the Kerry Campaign -- and I suspect the answer is incompetence -- but it doesn't bode well for them either way.

I don't like it either. It would be nice if Kerry were to issue an correction and change their criticisim to the use of this MoveOn video since its not an official entry and MoveOn appologized for it.

"On Tuesday, Cheney, serving in his role as president of the Senate, appeared in the chamber for a photo session. A chance meeting with Sen. Patrick J. Leahy (Vt.), the ranking Democrat on the Judiciary Committee, became an argument about Cheney's ties to Halliburton Co., an international energy services corporation, and President Bush's judicial nominees. The exchange ended when Cheney offered some crass advice.

'Fuck yourself,' said the man who is a heartbeat from the presidency."

Wonder what the moral majority has to say about this?

It isn't profanity! Its a freedom praise!

http://www.washingtonpost.com/wp-dyn/articles/A3699-2004Jun24.html

When we Americans first began, our biggest danger was clearly in view: we knew from the bitter experience with King George III that the most serious threat to democracy is usually the accumulation of too much power in the hands of an Executive, whether he be a King or a president. Our ingrained American distrust of concentrated power has very little to do with the character or persona of the individual who wields that power. It is the power itself that must be constrained, checked, dispersed and carefully balanced, in order to ensure the survival of freedom. In addition, our founders taught us that public fear is the most dangerous enemy of democracy because under the right circumstances it can trigger the temptation of those who govern themselves to surrender that power to someone who promises strength and offers safety, security and freedom from fear.

It is an extraordinary blessing to live in a nation so carefully designed to protect individual liberty and safeguard self-governance and free communication. But if George Washington could see the current state of his generation's handiwork and assess the quality of our generation's stewardship at the beginning of this twenty-first century, what do you suppose he would think about the proposition that our current president claims the unilateral right to arrest and imprison American citizens indefinitely without giving them the right to see a lawyer or inform their families of their whereabouts, and without the necessity of even charging them with any crime. All that is necessary, according to our new president is that he - the president - label any citizen an "unlawful enemy combatant," and that will be sufficient to justify taking away that citizen's liberty - even for the rest of his life, if the president so chooses. And there is no appeal.

What would Thomas Jefferson think of the curious and discredited argument from our Justice Department that the president may authorize what plainly amounts to the torture of prisoners - and that any law or treaty, which attempts to constrain his treatment of prisoners in time of war is itself a violation of the constitution our founders put together.

What would Benjamin Franklin think of President Bush's assertion that he has the inherent power - even without a declaration of war by the Congress - to launch an invasion of any nation on Earth, at any time he chooses, for any reason he wishes, even if that nation poses no imminent threat to the United States.

I want my country back! I can't wait until November.

http://drudgereport.com/gore.htm

I first heard about this from one of the developers of the hit game SimCity, who told me that there was a critical bug in his application: it used memory right after freeing it, a major no-no that happened to work OK on DOS but would not work under Windows where memory that is freed is likely to be snatched up by another running application right away. The testers on the Windows team were going through various popular applications, testing them to make sure they worked OK, but SimCity kept crashing. They reported this to the Windows developers, who disassembled SimCity, stepped through it in a debugger, found the bug, and added special code that checked if SimCity was running, and if it did, ran the memory allocator in a special mode in which you could still use memory after freeing it.

... and by Unix I mean mission critical, rock solid, fast, clean, flexible, etc.

Granted this is a GREAT idea for the desktop but sooner or later it falls down. Sooner or later the chasm between Linux and Windows in terms of quality is just going to be so great that the market switches to Linux overnight.

All bets are off to what that date is though. I always seem to be right on these issues just that I'm years too soon.

My bet is by 2006 Linux will have 10% of the desktop market. By 2008 it will ahve 15% of the market. Apple will have about 15% of the market with OSX and Windows with the remaining 70%.

There ... it's public. Let's see what happens in 2008.

http://www.joelonsoftware.com/articles/APIWar.html

Zawodny threads off of Scoble on the IE issue:

I have to say, when I first read that I nearly fell off my chair laughing. I was thinking "how stupid ARE these IE guys?!?!?!" But we all know that Microsoft is full of smart people who care about what they're doing. So something really doesn't compute here.

Last time I checked, IE wasn't even close to feature parity with Mozilla's browsers. No popup blocking, no tabbed browsing, etc.

Does the IE team really not know what their product is missing?

Perhaps. It's highly likely that they just don't know.

The bigger issue here is that Microsoft products can't fail and they can't succeed. Microsoft has 40-50 billion in the bank. There's no incentive to build a kickass product. The IE team can wait 2-3 years for IE 7.0, put it into Longhorn, and still make their 6 figure salaries and watch their options vest.

This is a recipe for failure.

Microsoft continually fails to find the "next big thing" and when they do finally come around they end up building an inferior product. The only way they ever succeed in the market is by using their monopoly position to give them an edge.

Right now IE has a lot of momentum just because it isn't BAD enough for people to move away. The disparity between FireFox/Mozilla is starting to grow and sooner or later one vendor (Dell, HP, Compaq?) is going to distribute FireFox instead of IE with new machines.

The sky will fall and maybe the IE team will be fired. One can only hope. They certainly deserve it for letting IE 6.0 decompose for so long without an update.

How long before Mozilla is bundled to run directly emulate the MSHTML control? Sounds like we're making progress here:

http://www.iol.ie/~locka/mozilla/mozilla.htm

Here is a screenshot of IE hosting the Mozilla gecko control.

link to full image

Internet Explorer viewing a page with the Mozilla Gecko control

If you can't view the above image it's because you're on a version of Internet Explorer that doesn't support PNGs. How ironic! Time to upgrade to FireFox !

SUPPLEMENTAL: // created on 2004-06-17T16:29:43:00-07

Credit goes to Brad Neuberg for pointing out the IE COM gecko control and taking the screenshot.

SUPPLEMENTAL: // created on 2004-06-17T16:41:53:00-07

Another note. I didn't mention that the above Mozilla hosted within IE is running a XUL application called Mozilla Amazon Browser (MAB) which is a Mozilla-specific application.

... running in IE. Awesome!

Article from Mark Pilgrim about the Atom link mechanism:

Atom is an emerging XML vocabulary and protocol for syndication and editing. Atom has a coherent linking model to express a number of different types of links. Atom borrows heavily from the <link> element in HTML, although they are not identical.

Which I might add seems very similar to my RSS 1.0 mod_link proposal:

http://xml.com/pub/a/2004/06/16/dive.html

The mod_link module supports the syndication of site link information along with RSS 1.0 XML feeds. The W3C HTML link mechanism provides the original inspiration for this module. (July 22, 2002)

http://purl.org/rss/1.0/modules/link/

Abstract linking is a very important property for RSS

The mod_link spec wasn't adopted within RSS 1.0 due to a number of reason the most important being that we were right in the middle of the RSS 1.0/2.0 wars and attention was focused elsewhere. For a time it was adopted by Blogger's RSS 1.0 feeds thanks to Steve Jenson .

Just wanted to point that out. When I released the RSS 1.0 link module it was somewhat controversal. I guess I was right considering it was eventually adopted by Atom.

Good times! Good times!