Blog

29 Nov 2000 »

One of the lucky 60,000 Australians to have bought a PlayStation 2. I’m going to have serious tekken thumb tomorrow. 🙂
mrorganic: agreed. Check out talk.origins. It’s very useful if you’re into combatting silliness, whilst demonstrating that we are open to new ideas as they arise. That’s what shits me about creationists. They claim we are closed minded. Well, yes, about creationism I certainly am closed minded – there is NO evidence to back it up, and usally creationists are aiming to teach creationism alongside accepted theories. As new things come up in biology and related fields, as long as there is repeatable experiments with the scientific method being used, or hard evidence to back it up, I’ll take it on board. Creationism fails both measures.

gstein: agreed. Unless I personally helped start or did a shitload of work, I always feel uncomfortable putting anything other than “contributor” or “developer” on my associations with projects.

22 Nov 2000 »

Skud: AOSS2
I’m going to AOSS2 to do the SAGE-AU presentation. Mail me your presentation as a backup mechanism – it can come across on mr laptop. Also, I’m reasonably certain that Michael Paddon et al (ie the organisers) will look after it for you as well.

work: Win2K security tute

I gave my Win2K security tute another run today. A Microsoft dude was in the crowd. Low attendance – about 10 people fewer than RSVPs I had managed to get. The people there were probably taught to suck eggs, which is not always that pleasant – particularly as it’s a three+ hour tute.

I did manage to get across the idea that NT/Win2K security is about using the integrated form of authentication, which is key. Every single time people go away from it, they suck at it. I have some other examples as well, but this is just one of the more recent and visible ones.

hackery

Working on getting the VNC thing fixed (as well as is possible). I’m going to kerberize VNC into the current developvnc.org CVS code and also work on revamping the current authentication scheme to something that’s a little bit more secure from Applied Cryptography. Too much effort, and we have a kerberos like scheme. I’m thinking Wide Mouth Frog at this stage. It’s about the same complexity as NTLM. Trent will be the VNC server.

A possible nice thing is that VNC includes 3des C++ class helpers. I’m going to look into extending that implementation to 3des-cbc and encrypting the stream. Avoids the use of SSL or ssh entirely for relatively low cost. Trick is that the initial setup can be done quite badly.

19 Nov 2000 »

certify me
Have Win2K upgrade 070-240 MCSE exam Tuesday morning first thing. Have beer-n-babes tonight. Study or beer. Beeeeeeeeeeeeeer. Baaabes. Study. I think you can see which will win.

work

Have too much work on at work. I’m presenting a Win2K security tutorial on Wednesday morning and I need to install Win2K Server on something so I can do demos during the tute. Microsoft dudes are coming, so I can’t suck.

hackery

Need to finish off our presentation et al to go to the Australian Open Source Symposium and get press for our secret project (OSDA) which we are announcing there.

At least I get to see Skud again before she potters off to Canada.

See you there.

12 Nov 2000 (updated 12 Nov 2000) »

life

Flew to Melbourne for a wedding. Travelled lightly – no baggage whatsoever. Mum freaked out about that.

Went shopping, bought a new suit and overcoat. Nice overcoat. Shame I live in Sydney where I will be able to wear it due to cold weather conditions about two or three times a year. Went to Mikasa and bought a nice wedding gift for Shaun & Rosemary.

Caught the garter. Parents don’t know yet, as I’ll never hear the end of it. The depressing thing about my last couple of weddings is the diminishing number of single women competing for the posey.

work

Work had a small geek rod-length check with a trivial maths problem. The trick is to write the smallest completely calculating and functional program to come up with the answer. Using simple algebra, it falls out in less than a few lines on a page, so that’s not an acceptable solution. It must calculate the answer.

What is the five-digit number in which the sum of the first two digits is one less than the third, the third double the fourth, the fourth double the last, the third the product of the fourth and fifth, the second five more than the first, and the first one-eighth the third and also one- fourth of the fourth?

Here’s my solution in JavaScript. The other guys got down and dirty with perl line noise and even a shell example:

% 16842
16482: Command not found

But that’s cheating, as they precalculated it.

flying

I hate getting up early to fly. I’m sleep deprived. I love flying. I like 747’s – they land just like a 400 tonne bricks shouldn’t. I don’t like 737’s – the Cessna 172 of the airline world.

My secret shame: I don’t like landings. They make me nervous and my heart goes afluttering during them, even in nice conditions. I’ve been flying all my life, at least two or three flights every year, and at the moment, it’s about 20-30 flights a year, which shits me as I don’t spend many weekends in my own bed. But I still get nervous during landings. I don’t know why. I fly FlightSim 2000 on my PC, and I’ve got landings down pat there, and I know what a good landing looks like in real life. I know all about fishing for the ground, and appreciate the true skills of the computers or pilots plonking those big babies on the ground in weather that gives me the willies, but I still find landing distressing. Oh well.

reading: Iain M Banks is a legend

Wooohoooo! mbp has the new Iain M. Banks book. That means that I have a chance of getting it as well! Excellent.

driving: mbp’s fang

The Sydney -> Batemans Bay -> Canberra -> Federal Highway – > M31 -> Sydney drive is an excellent little fang (it’s about 700 km all up from my place, and I’ve done it twice now). This drive can only be improved via going through the Royal National Park: 30 km twisty bits instead of the boring direct way. The mountain twisty bits on the road from Bateman’s Bay to Canberra is nearly as much fun as the best coast road in the world, the Great Ocean Road in Victoria (sorry, but the Pacific Coast Highway doesn’t cut it. It’s a very nice road, but the Great Ocean Road has views, is a fantastic drive in the right (sports*) car, and best of all, you can occasionally be the only driver around if you drive early or late.

* sports car == one that turns as directed and brakes that work because there are hundreds of bends and it’s over 130 km of (very) twisty bits. Bonus: acceleration. Coming out of a 25 km/h hairpin and opening the throttle before slamming on the brakes for the next 35 km/h decreasing radius sweeper is the most fun. US floaty mobiles like Probe et al or muscle cars (forward direction only 🙂 don’t cut it in this type of drive. Something nice and light, fast, responsive. A friend of mine’s Audi A4 quattro was the most hairraising drive I’ve ever done on the Great Ocean drive. He kept on taking 35 km/h corners at 70-80 km/h. It’s amazing how adhesive Geoff’s car was. I was bruised from that drive. Russ Cooper shared this particular hoon, so if you ever meet Russ, ask him about it.

9 Nov 2000 »

work
Hint to business types negotiating contracts to get someone else to do your IT work: security is important. Get advice, talk to lawyer types, include it in the contract or you will get attacked, and you will lose money.

hackery

Submitted a late entry for linux.conf.au. I’ll see if I’m accepted soon. I have some ideas I want to present to the crowd. They won’t like it much, and it should be controversial. Basically, it goes like this:

Cathedral and the bazaar is as an apt a description of the OSS process as any I’ve read. It’s also fairly cogent (particularly for esr 🙂 and is backed up by many of the smaller projects I’ve been involved with.

C&B also describes the general size, architectural thrust and relative duration of a project’s size, scope and vision. Cathedrals are huge, typically planned to some degree, and take years (and occasionally centuries) to construct. Bazaars, on the other hand, tend not to be very large (one or two streets in a village or filling a marketplace) have no architecture per se, and spring up overnight and disappear just as quickly. Booch (et al) in UML: a user’s guide refer to this as the difference between a kennel and a house. It’s possible for a single person to make both, but the two take different levels of planning and different mindsets.

The old Unix mindset of many small flexible tools (awk, grep, fetchmail, nm, tar, etc) doesn’t work when you want a word processor and a project management tool to be able to interact in rich flavors with each other. Not only are each of the two previous examples difficult to write and finish with a capital D, the architecture that allows them to interact is also similarly hard, with a capital H. To give you good examples, check out AbiWord and KOffice. These are good tools, and will be even better once they are finished, but they are multi-year, multi-person projects even before 1.0 is out and about.

My thrust is that OSS could do with the idea that software architecture is essential to not only getting to 1.0 quicker, but also allowing 2.0 and 3.0 to occur in the future. Getting 1.0 finished with the help of others coming in cold to your project is an essential portion of a large- scale OSS project. Try this: pick a large scale OSS project that you are unfamiliar with, like mozilla, XFree86 or KOffice and add a single feature from the TODO list or fix a critical long standing bug. How long did it take you to discover where that feature should exist in the tree and understand how the code hangs together. This is the warm up time. My premise is that architecture shortens this time, and can make all bugs that much more shallow.

With a clear architecture, anyone can say “I’ll do X” and go away and write X, test X, and integrate X into your source tree and it’ll work. Without it, features get grafted onto the side, ill-fitting, and require a fair amount of code rejigging, wasting valuable developer time.

I’m planning in presenting a paper on this concept, and how to successfully add software engineering constructs and architecture (conceptual integrity) to OSS projects without diminishing the best parts of “release early, release often” methodology.

The trick is to make it sound fun, and not like a trip to the grown up’s room or the dentist.

7 Nov 2000 (updated 7 Nov 2000) »

rachel: Australia

One of the reasons I’ll probably never bother going overseas to work is that I have an unbelievably good lifestyle that is appreciably better than some of my friends who live in San Francisco (or the wider Bay area) and earn at least twice as much as me (even given the parlous state of the Australian peso) using normalized USD.

I live in a beautiful city, with great weather (except when it rains, which is frequently) (and except during summer when the humidity sucks 🙂 It’s cheap to fly back to my home city, Melbourne, which is everything Sydney is not: cosmopolitan, 24×7, great cinemas, fantastic shopping, easy to live in, much cheaper housing, traffic jams that last about an hour, and so on…

darsal: human rights and your right to work on open source

IANAL, but…

If you’ve signed a contract prohibiting your labor on any other activity, that contract is in contravention of

The universal declaration of human rights
Labor laws in your country
Competition laws or Trade Practices acts usually bar this type of contract (non-compete clauses are illegal in Australia under the TPA, and in the US, contracts with long (more than a few weeks) non-compete have already been struck down
Any laws in your area allowing you freedom of association

It’s like saying that a company owns you, and they have access to you 24×7, which is clearly not true. This is clearly not allowed, and most countries have provisions to protect their citizens from exploitative contracts such as this.

The ridiculous analogy is this: if the company claims that you cannot work on OSS projects on your hardware at your house in your time, then they can stop employees being scout masters or providing services to volunteer organisations like Amnesty International on Candle Day. They can’t do that, so fuck them.

Short answer: as long as you are sensible, this will never come up. I work in security architecture. As long as I do not work in their time for anyone else or for myself in this field in my time, my company will never win any court case they bring against me. I don’t blab about stuff I see in my day to day work, I honor my NDA’s, and I do my work well (sometimes impinging on my time). But my open source and out of hours activity is MINE. I own those copyrights as my employer has NO right to them.

Stick up for your rights. Never be led to believe that you don’t possess any in a contract situation. Contracts that violate laws of your country or seek to override your rights or obligations to the country in which the contract is framed are illegal, and always will be. For example, it’s illegal to contract someone to commit murder. It’s illegal to contract someone to be present at a site when they are required to do jury service in Australia.

The problem is that court cases cost $$$$$$ and often it’s simpler to give in, which is the wrong thing to do.

SAGE-AU have finished working on something for this, and will be announced at AOSS2 late this month. See you there.

6 Nov 2000 »

hackery
Fired up an Archimedes emulator. Ah, the joys of * commands and Elite for the Archimedes. Such a cute OS.

eliot: weather in Australia

The weather in Australia is different depending where you go. For example, in Sydney at the moment, it’s a glorious spring day, the late afternoon sun shining on my front porch, warming the furry belly of my cat Meebles.

Check out Bureau of Meterology, or one of the more pleb friendly sites, like ninemsn.

work

Due to a horse race, it was impossible for me to organise several meetings or get people to go over stuff for tomorrow’s status meetings. I’ll have words to say about that at tomorrow’s meetings.

Wednesdays are looking more and more like “do nothing” days. I have a 1 hr meeting at 0900. Another 3 hr meeting at 0900. A 1hr status meeting in another part of Sydney at 1300. A 1.5 hr vendor presentation in Sydney city at 1430. And butting up hard against that, I need to be back in North Sydney for 1600 for our group’s status update meeting. In Debugging the Development Process, Steve Maguire states unequivocally that these sort of meetings are counterproductive, useless and should be eliminated or simply do not attend them. I cannot agree more. But I am a contractor, and I don’t have enough power to cancel these things. Oh well.