Author: Andrew van der Stock

  • Advogato – On Basic Digest Authentication

    21 Nov 2000 »

    gstein: basic digest authentication is evil and is first against the wall when the revolution comes
    As far as security people like me are concerned, basic digest is in the clear. It’s base64 encoded ASCII text. Therefore it’s in the clear, as the amount of transformation that is required is not high, certainly about the same as ROT13 or XOR. Most GUI snooping programs automatically decode it for you, so you don’t even need to feed it to your friendly perl demunger.

    There's an IETF draft for Kerberos-enabled HTTP authentication. It's also implemented in NCSA's httpd, and in Apache.

    There's also an NTLM-enabled HTTP authentication method. mod_ntlm is the Apache module you're probably interested in, or mod_auth_smb or Tim's later effort mod_auth_sspi. But I'd suggest sticking with Kerberos. It's more secure and works today.

    Even with the proprietary crap, challenge/response is better than clear text (in this case, basic digest) as you cannot easily recover the password. Kerberos is the way forward. I’d like to see that.

  • Advogato – On preparing for an MCSE exam

    20 Nov 2000 »

    Don’t try this at home
    I passed my Win2K MCP upgrade exam (070-240) this morning. I thought it was a one hour exam. It turned out to be four one hour exams. Whoops 🙂

    Don’t try this exam without the same level of preparedness as myself: I’ve been using NT 5.0 since October 1997 (and Win2K since they renamed it in late 1998), and NT since the 3.5 days. It was a tough exam for those who have never touched a box, and I was glad they tossed in some curly questions that required you to have actually done the stuff rather than just read it in a book.

    I liked the new style exams: there are situational exams that require you to drag and drop the answers to make the correct solution. It was all too easy to stuff up if you’ve never seen it before, whereas with the old multiple choice questions you had a pretty good chance of eliminating half the answers on logic alone, and then using the balance of probabilities to pass on the remaining two.

    The MS Press self-study book for this exam doesn’t exist yet (it’s coming out later this month or early next), so I had to self study. I read the encompassing exams’ objectives and just played on my box at home for the last two days with stuff I’ve not touched before: RIS, Backup, state backup/restore, and the recovery console (which some of you linux bigots will find hard to believe – I’ve never needed to use the recovery console because Win2K has been stable for me). I also gave myself a little study time on site replication stuff, but as that’s a descendant of the Exchange site replication stuff, I felt I was okay. And I was.

    I didn’t like the questions that rely entirely on English semantics for the correct answer. They test your parsing ability not your product knowledge. I left a rather nasty comment for them to translate the question into another language and get someone who speaks that language to answer the question. The only correct answer is the one that contains the word “seize”, which is in English and in the ntdsutil utility. The other three alternatives contain English synonyms of seize. Bad question.

    I also felt the preponderance of IPX / Netware questions in one of the exams to be a pointless waste of space. I’ve never used NW Gateway in production, and I used to be in Netware-first networks when Netware was the primary NOS for desktops. One of the questions had only one “correct” answer that would be wrong if a Netware savvy Cisco engineer had designed and implemented IPX/SPX correctly in a routed environment.

    I’ve got three more exams to finish my MCSE upgrade. Again, the MS Press books for these topics don’t exist yet, but since I’ve completed 4/8 of my exams without using one yet, I’ll continue to try and just do self study.

  • Advogato – 19 November 2000

    19 Nov 2000 »

    certify me
    Have Win2K upgrade 070-240 MCSE exam Tuesday morning first thing. Have beer-n-babes tonight. Study or beer. Beeeeeeeeeeeeeer. Baaabes. Study. I think you can see which will win.

    work

    Have too much work on at work. I’m presenting a Win2K security tutorial on Wednesday morning and I need to install Win2K Server on something so I can do demos during the tute. Microsoft dudes are coming, so I can’t suck.

    hackery

    Need to finish off our presentation et al to go to the Australian Open Source Symposium and get press for our secret project (OSDA) which we are announcing there.

    At least I get to see Skud again before she potters off to Canada.

    See you there.

  • Advogato – 12 November 2000

    12 Nov 2000 (updated 12 Nov 2000) »

    life

    Flew to Melbourne for a wedding. Travelled lightly – no baggage whatsoever. Mum freaked out about that.

    Went shopping, bought a new suit and overcoat. Nice overcoat. Shame I live in Sydney where I will be able to wear it due to cold weather conditions about two or three times a year. Went to Mikasa and bought a nice wedding gift for Shaun & Rosemary.

    Caught the garter. Parents don’t know yet, as I’ll never hear the end of it. The depressing thing about my last couple of weddings is the diminishing number of single women competing for the posy.

    work

    Work had a small geek rod-length check with a trivial maths problem. The trick is to write the smallest completely calculating and functional program to come up with the answer. Using simple algebra, it falls out in less than a few lines on a page, so that’s not an acceptable solution. It must calculate the answer.

    What is the five-digit number in which the sum of the first two digits is one less than the third, the third double the fourth, the fourth double the last, the third the product of the fourth and fifth, the second five more than the first, and the first one-eighth the third and also one-fourth of the fourth?

    Here’s my solution in JavaScript. The other guys got down and dirty with perl line noise and even a shell example:

    % 16842
    16842: Command not found

    But that’s cheating, as they precalculated it.
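    The author's JavaScript solution isn't reproduced on this page, so here is an added brute-force version in the same language (mine, not his): it encodes each clause of the puzzle as a predicate over the digits and tests every five-digit number, which satisfies the "it must calculate the answer" rule. A second function reports which clauses a candidate fails, handy for checking a guess.

```javascript
// Added example, not the author's solution. Brute-forces the puzzle rather than doing algebra.

// One predicate per clause of the puzzle, over the digits [a, b, c, d, e].
const CONSTRAINTS = [
  ([a, b, c]) => a + b === c - 1,      // sum of the first two is one less than the third
  ([, , c, d]) => c === 2 * d,         // third is double the fourth
  ([, , , d, e]) => d === 2 * e,       // fourth is double the last
  ([, , c, d, e]) => c === d * e,      // third is the product of the fourth and fifth
  ([a, b]) => b === a + 5,             // second is five more than the first
  ([a, , c]) => 8 * a === c,           // first is one-eighth of the third
  ([a, , , d]) => 4 * a === d,         // first is one-fourth of the fourth
];

const digitsOf = (n) => String(n).split('').map(Number);

// Indices of the clauses a candidate number violates (empty array means it is a solution).
function failedConstraints(n) {
  const digits = digitsOf(n);
  return CONSTRAINTS.map((ok, i) => (ok(digits) ? -1 : i)).filter((i) => i >= 0);
}

// Every five-digit number is a candidate; the leading digit is never zero in this range.
function solvePuzzle() {
  const hits = [];
  for (let n = 10000; n <= 99999; n++) {
    if (failedConstraints(n).length === 0) hits.push(n);
  }
  return hits;
}

module.exports = { CONSTRAINTS, failedConstraints, solvePuzzle };
```

    solvePuzzle() returns a single hit; the puzzle pins the third digit to 8 (it must be both a multiple of eight and a non-zero double), and everything else follows from it.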

    flying

    I hate getting up early to fly. I’m sleep deprived. I love flying. I like 747s – they land just like 400 tonne bricks shouldn’t. I don’t like 737s – the Cessna 172 of the airline world.

    My secret shame: I don’t like landings. They make me nervous and my heart goes afluttering during them, even in nice conditions. I’ve been flying all my life, at least two or three flights every year, and at the moment, it’s about 20-30 flights a year, which shits me as I don’t spend many weekends in my own bed. But I still get nervous during landings. I don’t know why. I fly FlightSim 2000 on my PC, and I’ve got landings down pat there, and I know what a good landing looks like in real life. I know all about fishing for the ground, and appreciate the true skills of the computers or pilots plonking those big babies on the ground in weather that gives me the willies, but I still find landing distressing. Oh well.

    reading: Iain M Banks is a legend

    Wooohoooo! mbp has the new Iain M. Banks book. That means that I have a chance of getting it as well! Excellent.

    driving: mbp’s fang

    The Sydney -> Batemans Bay -> Canberra -> Federal Highway -> M31 -> Sydney drive is an excellent little fang (it’s about 700 km all up from my place, and I’ve done it twice now). This drive can only be improved by going through the Royal National Park: 30 km of twisty bits instead of the boring direct way. The mountain twisty bits on the road from Batemans Bay to Canberra are nearly as much fun as the best coast road in the world, the Great Ocean Road in Victoria (sorry, but the Pacific Coast Highway doesn’t cut it. It’s a very nice road, but the Great Ocean Road has views, is a fantastic drive in the right (sports*) car, and best of all, you can occasionally be the only driver around if you drive early or late).

    * sports car == one that turns as directed and has brakes that work, because there are hundreds of bends and it’s over 130 km of (very) twisty bits. Bonus: acceleration. Coming out of a 25 km/h hairpin and opening the throttle before slamming on the brakes for the next 35 km/h decreasing radius sweeper is the most fun. US floaty mobiles like the Probe et al or muscle cars (forward direction only 🙂) don’t cut it in this type of drive. Something nice and light, fast, responsive. A friend of mine’s Audi A4 quattro was the most hair-raising drive I’ve ever done on the Great Ocean Road. He kept on taking 35 km/h corners at 70-80 km/h. It’s amazing how adhesive Geoff’s car was. I was bruised from that drive. Russ Cooper shared this particular hoon, so if you ever meet Russ, ask him about it.

  • Advogato – 9 November 2000

    9 Nov 2000 »

    work
    Hint to business types negotiating contracts to get someone else to do your IT work: security is important. Get advice, talk to lawyer types, include it in the contract or you will get attacked, and you will lose money.

    hackery

    Submitted a late entry for linux.conf.au. I’ll see if I’m accepted soon. I have some ideas I want to present to the crowd. They won’t like it much, and it should be controversial. Basically, it goes like this:

    Cathedral and the bazaar is as apt a description of the OSS process as any I’ve read. It’s also fairly cogent (particularly for esr 🙂) and is backed up by many of the smaller projects I’ve been involved with.

    C&B also describes the general size, architectural thrust and relative duration of a project’s scope and vision. Cathedrals are huge, typically planned to some degree, and take years (and occasionally centuries) to construct. Bazaars, on the other hand, tend not to be very large (one or two streets in a village or filling a marketplace), have no architecture per se, and spring up overnight and disappear just as quickly. Booch et al., in UML: A User’s Guide, refer to this as the difference between a kennel and a house. It’s possible for a single person to make both, but the two take different levels of planning and different mindsets.

    The old Unix mindset of many small flexible tools (awk, grep, fetchmail, nm, tar, etc) doesn’t work when you want a word processor and a project management tool to be able to interact in rich flavors with each other. Not only is each of the two previous examples difficult to write and finish with a capital D, the architecture that allows them to interact is also similarly hard, with a capital H. To give you good examples, check out AbiWord and KOffice. These are good tools, and will be even better once they are finished, but they are multi-year, multi-person projects even before 1.0 is out and about.

    My thrust is that OSS could do with the idea that software architecture is essential not only to getting to 1.0 quicker, but also to allowing 2.0 and 3.0 to occur in the future. Getting 1.0 finished with the help of others coming in cold to your project is an essential portion of a large-scale OSS project. Try this: pick a large scale OSS project that you are unfamiliar with, like mozilla, XFree86 or KOffice, and add a single feature from the TODO list or fix a critical long standing bug. How long did it take you to discover where that feature should exist in the tree and understand how the code hangs together? This is the warm up time. My premise is that architecture shortens this time, and can make all bugs that much more shallow.

    With a clear architecture, anyone can say “I’ll do X” and go away and write X, test X, and integrate X into your source tree and it’ll work. Without it, features get grafted onto the side, ill-fitting, and require a fair amount of code rejigging, wasting valuable developer time.

    I’m planning on presenting a paper on this concept, and how to successfully add software engineering constructs and architecture (conceptual integrity) to OSS projects without diminishing the best parts of the “release early, release often” methodology.

    The trick is to make it sound fun, and not like a trip to the grown up’s room or the dentist.


  • Advogato – 7 November 2000

    7 Nov 2000 (updated 7 Nov 2000) »

    rachel: Australia

    One of the reasons I’ll probably never bother going overseas to work is that I have an unbelievably good lifestyle that is appreciably better than some of my friends who live in San Francisco (or the wider Bay area) and earn at least twice as much as me (even given the parlous state of the Australian peso) using normalized USD.

    I live in a beautiful city, with great weather (except when it rains, which is frequently) (and except during summer when the humidity sucks 🙂 It’s cheap to fly back to my home city, Melbourne, which is everything Sydney is not: cosmopolitan, 24×7, great cinemas, fantastic shopping, easy to live in, much cheaper housing, traffic jams that last about an hour, and so on…

    darsal: human rights and your right to work on open source

    IANAL, but…

    If you’ve signed a contract prohibiting your labor on any other activity, that contract is in contravention of

    The universal declaration of human rights
    Labor laws in your country
    Competition laws or Trade Practices acts usually bar this type of contract (non-compete clauses are illegal in Australia under the TPA, and in the US, contracts with long (more than a few weeks) non-compete periods have already been struck down)
    Any laws in your area allowing you freedom of association

    It’s like saying that a company owns you, and they have access to you 24×7, which is clearly not true. This is clearly not allowed, and most countries have provisions to protect their citizens from exploitative contracts such as this.

    The ridiculous analogy is this: if the company claims that you cannot work on OSS projects on your hardware at your house in your time, then they can stop employees being scout masters or providing services to volunteer organisations like Amnesty International on Candle Day. They can’t do that, so fuck them.

    Short answer: as long as you are sensible, this will never come up. I work in security architecture. As long as I do not work in their time for anyone else, or for myself in this field in my time, my company will never win any court case they bring against me. I don’t blab about stuff I see in my day to day work, I honor my NDAs, and I do my work well (sometimes impinging on my time). But my open source and out of hours activity is MINE. I own those copyrights as my employer has NO right to them.

    Stick up for your rights. Never be led to believe that you don’t possess any in a contract situation. Contracts that violate laws of your country or seek to override your rights or obligations to the country in which the contract is framed are illegal, and always will be. For example, it’s illegal to contract someone to commit murder. It’s illegal to contract someone to be present at a site when they are required to do jury service in Australia.

    The problem is that court cases cost $$$$$$ and often it’s simpler to give in, which is the wrong thing to do.

    SAGE-AU have finished working on something for this, which will be announced at AOSS2 late this month. See you there.

  • Advogato – 6 November 2000

    6 Nov 2000 »

    hackery
    Fired up an Archimedes emulator. Ah, the joys of * commands and Elite for the Archimedes. Such a cute OS.

    eliot: weather in Australia

    The weather in Australia is different depending where you go. For example, in Sydney at the moment, it’s a glorious spring day, the late afternoon sun shining on my front porch, warming the furry belly of my cat Meebles.

    Check out the Bureau of Meteorology, or one of the more pleb friendly sites, like ninemsn.

    work

    Due to a horse race, it was impossible for me to organise several meetings or get people to go over stuff for tomorrow’s status meetings. I’ll have words to say about that at tomorrow’s meetings.

    Wednesdays are looking more and more like “do nothing” days. I have a 1 hr meeting at 0900. Another 3 hr meeting at 0900. A 1 hr status meeting in another part of Sydney at 1300. A 1.5 hr vendor presentation in Sydney city at 1430. And butting up hard against that, I need to be back in North Sydney for 1600 for our group’s status update meeting. In Debugging the Development Process, Steve Maguire states unequivocally that these sorts of meetings are counterproductive, useless and should be eliminated, or simply not attended. I cannot agree more. But I am a contractor, and I don’t have enough power to cancel these things. Oh well.

  • Advogato – IPv6

    5 Nov 2000 »

    schoen: IPv6
    There are various IPv6 only services that provide a 6-to-4 gateway at their edge. This is how my flatmate and I intend to run our internal network once IPv6 routing is in place on his WaveLAN to 100BaseT gateway.

    IPv6 is about transition and seamless co-existence. If that story doesn’t get out soon, IPv6 transitions will be harder.

    It’ll be a long time (10 years or more) before the old protocol dies (if ever). Whistler, for example, doesn’t support DLC, NetBEUI, or Appletalk. But I still see IPX and Appletalk today, so these protocols are anything but dead. IPv4 will take as long or longer to get rid of than these other “legacy” protocols.

    I’m just glad I’m in a position to do my bit to make it happen in a modern first-world economy like Australia.
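    Added example, not from the original entry: the 6to4 mechanism (RFC 3056) the entry leans on for reaching IPv6 islands across IPv4. A 6to4 site takes its globally routable IPv4 address WW.XX.YY.ZZ and derives the /48 prefix 2002:WWXX:YYZZ::/48; a relay on the far side reverses the embedding to find the IPv4 tunnel endpoint. The code below does both directions and refuses RFC 1918, loopback and unspecified IPv4 addresses, which is the usual reason a home 6to4 setup behind NAT does not work. The sample addresses are constructed (192.0.2.0/24 is documentation space).

```javascript
// Added example (not the author's code): derive and reverse 6to4 (RFC 3056) prefixes.

function parseIPv4(dotted) {
  const parts = dotted.split('.');
  if (parts.length !== 4) throw new Error(`bad IPv4 address: ${dotted}`);
  return parts.map((p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad IPv4 octet: ${p}`);
    return Number(p);
  });
}

// 6to4 needs a globally routable IPv4 address: private, loopback and 0/8 space can't be tunnelled to.
function isUsableFor6to4([w, x]) {
  if (w === 0 || w === 10 || w === 127) return false;
  if (w === 172 && x >= 16 && x <= 31) return false;
  if (w === 192 && x === 168) return false;
  if (w === 169 && x === 254) return false;   // link-local
  return w < 224;                               // multicast and reserved space excluded
}

// 2002:WWXX:YYZZ::/48 for the site with IPv4 address WW.XX.YY.ZZ (groups written without leading zeros, RFC 5952 style).
function sixToFourPrefix(ipv4) {
  const octets = parseIPv4(ipv4);
  if (!isUsableFor6to4(octets)) throw new Error(`${ipv4} is not a globally routable IPv4 address`);
  const [w, x, y, z] = octets;
  const hi = ((w << 8) | x).toString(16);
  const lo = ((y << 8) | z).toString(16);
  return `2002:${hi}:${lo}::/48`;
}

// What a 6to4 relay does on receipt: pull the IPv4 endpoint back out of any 2002::/16 address or prefix.
function ipv4FromSixToFour(ipv6) {
  const groups = ipv6.split('/')[0].split(':');
  if (groups.length < 3 || groups[0].toLowerCase() !== '2002') throw new Error(`not a 6to4 address: ${ipv6}`);
  const [hi, lo] = [groups[1], groups[2]].map((g) => {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) throw new Error(`bad 6to4 group: ${g}`);
    return parseInt(g, 16);
  });
  return [hi >> 8, hi & 0xff, lo >> 8, lo & 0xff].join('.');
}

function isSixToFour(ipv6) {
  try { ipv4FromSixToFour(ipv6); return true; } catch (e) { return false; }
}

module.exports = { parseIPv4, isUsableFor6to4, sixToFourPrefix, ipv4FromSixToFour, isSixToFour };
```

    Caveat for anyone trying this today: 6to4, and the anycast relay prefix 192.88.99.0/24 from RFC 3068, were deprecated by RFC 7526 because traffic depends on third-party relays with no accountability; native IPv6 or a tunnel to a provider you have a relationship with is the current answer, which is the same demand the entry makes.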

    hackery

    Installed Whistler Pro. Worked on auDA report and SAGE-AU sponsorship kit. Fun, fun, fun.

    life

    Bought Red Alert 2 Collector’s Edition. Awesome, cute little doco on the DVD. Titillating even. Bought Combat Flight Sim 2. Beautiful; the translucency and water effects are stunning. Win2K is the best games platform out there right now – all my games just work, and they work well. I can see a lot of hours going down the tubes, when coupled with Baldurs Gate II that I bought a few weeks ago and Flight Sim 2000 Professional that I bought earlier this year.

  • Advogato – More IPv6 Fun

    3 Nov 2000 (updated 3 Nov 2000) »

    Making firewall and networking vendors nervous is fun.

    I have been demanding IPv6 consistently from them for the last few months. I work at one of Australia’s largest telcos, and through them, we’re in a position to break the chicken/egg IPv6 cycle.

    Cycle:

    1. Networking vendors have no IPv6 products of any description because they believe there’s no demand
    2. OS vendors have IPv6 available -> customers want IPv6 native links
    3. Telcos and ISPs require carrier class equipment (but can’t get it (see 1))

    Breaking the cycle:

    1. Telcos and ISPs everywhere ask vendors for IPv6.
    2. Vendors get nervous and cite “no demand” (which is rubbish)
    3. Telcos and ISPs promise to abandon the vendor like the sack of rubbish they are if they do not have an IPv6 story this sales cycle
    4. Vendors get very nervous and go away…
    5. Vendors produce IPv6 capable devices
    6. Telcos and ISPs are delighted and offer IPv6 services to customers
    7. Customers can use IPv6 …
    8. Internet is saved to allow another zillion billion pr0n sites to work on a web enabled toaster

    So, soon you’ll see IPv6 offerings from major players. Start practising now. 🙂

    Hint 1: Always use 3DES ESP and AH, not just unencrypted sessions (makes government sanctioned eavesdropping so much harder to look at your puny, worthless life)

    Hint 2: Demand a native IPv6 link from your ISP (just in case they believe they have no demand, which would be strange)

    Hint 3: Start practising at home with IPv6; you’ll find things that don’t work, so help make things work so that when the links are available, you’ll be right.

  • Advogato – 30th Birthday

    24 Oct 2000 »

    life
    Turned 30. World didn’t end. My actual b’day party is this coming Saturday in Melbourne. So my friends in Sydney are playing poker at my place, and feeding the cats whilst I am away.

    Went to our company conference at the Gold Coast, staying at the casino there. Had a great deal of fun (not gambling). Played poker with my workmates in the hotel room with monopoly money and didn’t lose too much ($3 Australian pesos). After a long and emotional day, tossed cookies. Tossing cookies == bad, especially when a fine meal and even finer cognac is wasted. Woke up at 6.30 am on Sunday, which is just wrong. 🙂 At least I didn’t suffer for my excesses.

    hackery

    My Win2K security presentation at the company conference went well. The guys used our WaveLAN cards to hack at my box (which was being used for the presentation) in an effort to retrieve a file I had created for the purpose. They did manage to crash the FW/1 auth agent, but in the end, they used a social engineering attack to retrieve the winning condition (they needed the passcode in the file to get the M&M’s). I’m glad my limited lockdowns on my Win2K laptop survived a cumulative 6 hours of extensive attacks and DoS from our company’s most gifted, um, security architects and the CTO. I’m sure there are still bugs to be found in Win2K, but for the average user, it’s good enough.

    Updated my web site. It needs more work so that css works properly (ie the color scheme and fonts sucks and requires fixing). I also need to find an acceptable open source documentation license for all my SAGE-AU and other writings. If you have suggestions mail me.

    advogato

    I’m glad that my friend Luke has finally progressed to being certified at Master level. I find it amusing that people I consider Journeyer at best (ie they are around my skill level and achievements) are classified Master if they use Linux (and remember, I used to as well; I almost was employed by SuSE to work on reiserfs). Luke is one of the NetBSD Core. Over the last nine-ten years Luke has done more for NetBSD than most Linux hackers have ever done for Linux. The certification system here, simply because of weight of numbers will always lead to easy (and possibly wrong) certification for people associated with the Linux in-crowd.

    SAGE-AU, auDA

    Off to Melbourne tomorrow for the second auDA Competition Policy panel meeting. Should be vibrant. I’m waiting to see who emerges with the biggest knives.

    SAGE-AU, perception, and privacy

    I can’t say too much about this, but let’s just say that if you help your local professional association, it helps to communicate the privacy concerns of your membership base to a potential sponsor before giving them any contact information. I now have the unenviable task of recruiting a poorly behaved potential sponsor, which may cause a backlash among the members, even though it is a positive outcome for the organisation as a whole.