Aujourd’hui 15 otages des FARC ont été libérés par l’armée colombienne. Je me réjouis pour eux, et je suis complètement impressionné par la méthode employée. Au lieu de s’aplatir et d’échanger une otage contre un certain nombre de guerilleros, la Colombie a planifié une opération militaire et l’a parfaitement mise en oeuvre.
Après avoir localisé les otages par quatre mois de reconnaissance sur le terrain, ils ont utilisé la méthode de l’ingénierie sociale qui marche tellement bien quand elle bien utilisée, pour convaincre les FARC qu’un ordre venu d’en haut leur demander de transférer 15 otages plus profond dans la jungle pour plus de sécurité. Et une poignée de soldats s’est pointée en t-shirt du Che dans un hélicoptère repeint, s’est posée au milieu d’une soixantaine de guerilleros, a embarqué 14 otages et 2 gardiens des FARC, a redécollé, et a neutralisé les 2 gardiens avant de retourner à leur base.
Le tout avec zéro coups de feu tirés, et zéro victimes. J’imagine à peine la dose d’adrénaline contre laquelle ils ont dû lutter durant l’opération…
English:
Today 15 hostages of the FARC have been released by the Columbian army. I’m really happy for them, and I’m also quite impressed by the method employed by the army. Instead of bending down and trading one hostage for a number of FARC guerilleros, they’ve set up a perfect military operation with no negociation.
Based on information gathering and social engineering via radio, they managed to locate the hostages, managed to convince the FARC that hostages had to be transferred for more security, did not to blow their cover after landing, did neutralize the two FARC embarked with them in the helicopter, and made it back to their base after having shot zero rounds and made zero victims. A mission perfectly done, and I only can imagine the amount of adrenaline they had to manage during these twenty minutes!
Did you know that Meretrix Technologies “Care About Your Needs”? That could not tell you anything special, unless you remember that meretrix is latin for prostitute. Good to know that they’re ISO9001 certified .
Are they really serious, trying to be funny or simply ignorant?
Moreover, quoting the main page:
[..] We’re about performance, because you’re about performance, and we’re about unleashing the dynamic energy of today’s technology for you! We understand the importance of standards-compliant open systems technology, and we can provide the complete solutions that you need.
[..] Here at Meretrix Technologies, we understand the value of Continuous Quality Improvement. We believe that if we can provide constant improvement in our services, that their quality will continue to increase as a result, particularly over time, and that will, of course, mean greater performance over the long run.
[..]
They sell blue pills maybe?
And also:
[..] And as part of the Meretrix Vision, as seen by our founder, respected technologist, humanitarian, and bon-vivant Harry Mantakos, we believe that anyone who takes this web page seriously is a complete idiot. Hell, I wasn’t even wearing pants when I wrote it.
[..]
Definitely not serious. Woud you present your founder with such a picture?
Knowing the history of the relationship between Claws Mail and Sylpheed, it was amusing to read the release announcement for Sylpheed 2.5.0 earlier this week:
* New features
o The vertical 3-paned view mode was added.
o The feature to save SSL peer certificate was added.
o The option 'Treat HTML only message as attachment' was
added.
o The feature to confirm missing attachments was added.
o The feature to confirm recipients before sending was added.
Why is this amusing? It is amusing because Claws Mail, (née Sylpheed-Claws), started life as the development branch of Sylpheed, where new features could be added, tested and improved before going into the Sylpheed main branch — at least, that was the agreement which was reached and the agreement which instigated the start of the Sylpheed-Claws project — in order to make Sylpheed better rather than to make a better Sylpheed. To cut a long story short, although the movement of code from Claws to Sylpheed was happening early in the project, (Actions, Colour Labels and Templates originated in Claws, for example), this movement slowed and then ground to a halt. We had code and features in Claws that were well-tested and stable and yet the migration to Sylpheed was not happening, and little or no reason was communicated as to why this stagnation was occurring. Eventually it became obvious, without ever being said, that the features/code already written in Claws were not ever going to get into Sylpheed, and that Sylpheed was a one-man-band, a one-party system, as it were. So, naturally, the Claws Mail team decided to fork the project and go in its own direction. We started out with the aim to make Sylpheed better, and ended up with a better Sylpheed.
o The vertical 3-paned view mode was added.
In Claws Mail since version 2.8.0 (February 2007). Claws Mail also has additional 'Wide message', 'Wide message list' and 'Small screen' layouts.
o The feature to save SSL peer certificate was added.
In Claws Mail since version 0.8.5claws (October 2002)
o The option 'Treat HTML only message as attachment' was added.
With Claws Mail's clearer display/layout, an option such as this is unnecessary and irrelevant.
o The feature to confirm missing attachments was added.
Added as a plugin for Claws Mail in November 2006.
o The feature to confirm recipients before sending was added.
This feature is not in Claws Mail, but I wonder who actually needs a feature like this?
Coming up: An exhaustive list of the differences between Claws Mail and Sylpheed. (See what features Sylpheed might have in 5 years!!)
I’ve seen this mentioned in a few geek news outlets, the Denon AKDL1 Dedicated Link Cable. 1.5 meters of CAT5 cable for $500 — but then your music will sound so much better than with $1.5 cables !
The Amazon reviews are mostly hilarious. I wonder how large the target market can be for this, which is the perfect example of Snake Oil Product :-) The tags are mostly right.
the hancock project. A film by Bruce Gilchrist & Jo Joelson (London Fieldworks)
Institvtvm Pataphysicvm Londiniense
Department of Reconstructive Archaeology, dora 4
DVD. For distribution only to members and friends of the Institute. 33 signed copies (I to XXXIII), and 99 copies numbered 1 to 99.
Anthony Hancock, Paintings & Sculpture: A Retrospective Exhibition ran for 14 days in September 2002 at The Foundry, London. It allowed "for a complete re-assessment of Hancock's contribution to the art of his time" as the Department recreated "the entirety of Hancock's known pictorial output, as well as his most important sculpture (the magnificent and imposing Aphrodite at the Waterhole)." Magnus Irvin, gave a practical demonstration — by reconstructing Hancock's only known "action painting" Aphrodite at the Waterhole (on the Horizontal) — on the exhibition's opening night, 7 September 2002 vulg. (in reality New Year's Eve 129 EP by the 'Pataphysical calendar).
Compared to Hancock, Gainsborough comes across as a rank amateur, while Paul Cézanne is frankly contemptible. … Hancock craftily demonstrates that it is more socially valuable for artists to manifest the contradictions of their calling as specialist non-specialists, than to buttress the spectacle without even realising that art is irredeemably reactionary. Hancock intuitively understands that those capitalism condemns to be artists must simultaneously and by necessity join with the proletariat in allowing the real anti-art to begin. Our task is to create a new world, and all of anarchism can be found in the ridiculous idea that bohemians may live groovy lives while the rest of us are oppressed by the tyrannies of exchange.
Stewart Home, Tony Hancock as "The Rebel": Warhol before Warhol, or From The Art of Commerce to the Business of Art, Encomia for Anthony Hancock (Eds. Alastair Brotchie & Magnus Irvin) (London Institute of 'Pataphysics, 2002)
for d in `ldd /usr/local/bin/claws-mail | cut -d\( -f1 | cut -d\> -f2 | sed 's,\s,,'`; do dpkg -S $d 2> /dev/null; done | cut -f1 -d: | sort -u | xargs | for p in `cat`; do dpkg-query -W $p; done
Nice, isn't it? ;-)
For the curious: it gives all package names and versions of the libraries a binary depends upon (recursively, per ldd, and errors discarded, so beware!).
The enclosure movement and the slave trade ushered industrial capitalism into the modern world. By 1832 England was largely closed, its countryside privatized (some even mechanized), in contrast to a century earlier when its fields were largely open—"champion" country, to use the happy technical term—and yeoman, children, women could subsist by commoning. By 1834 slavery had been abolished in the British empire whereas a century earlier, on 11 September 1713, the asiento licensed British slavers to trade African slaves throughout the Americas. Together the expelled commoners and the captured Africans provided the labor power available for exploitation in the factories of the field (tobacco and sugar) and the factories of the towns (woolens and cottons). Whether indentured servant, West African youngster, former milkmaid, or woodsman without his woods, the lords of humankind looked upon them indifferently as laboring bodies to produce surplus value, and so emerged the Atlantic working day, which entirely depended upon a prior discommoning.
The legal cliché is that the American constitution is written, while the English is unwritten. Strictly speaking this is untrue inasmuch as both have stemmed from the Magna Carta of 1215. The important difference between English and American constitutional development is not that one is unwritten and the other is written. The difference is Africa. The maintenance and expansion of unwaged labor on the plantation where slaves produced surplus value was indispensable to American constitutional and revolutionary history, whereas the salient English development was the statutory enclosure of lands and privatization of all attempts at commoning. The Atlantic multitudes were divided by race in the emerging constitution. The Charters of Liberties were contested in this process. The enclosure movement, opposed by English commoners, conveniently ignored the Forest Charter. The movement to abolish slavery used Magna Carta and helped put it back into the English working-class movement.
Peter Linebaugh, The Magna Carta Manifesto, Liberties and Commons for All (University of California Press 2008), 94-95
“These developers seem to have their priorities in the right place.”
Jonathan Corbet of LWN published last week a review of Claws Mail. I’m quite happy about what he says, his review is quite positive and, as I like his work a lot, I’m pleased!
The result has finally been unleashed yesterday to me, and as expected, I'm not going to work in Madrid anymore with the client I was assigned for the last three months.
The result was obviously not the desired for my company, because, in abstract, it may have been a nice contract until 2009, but it's very difficult to compete with meat factories which lower the prices more than 30 percent over an adjusted budget. Anyway this prevented myself from having to take a plane every monday and friday for, probably, the rest of the year. There's also a negative part, like not meeting anymore soon with some Debian dudes in Alfredo's, like the dinner we had two weeks ago.
On the positive side, we're now living at our new home, though still setting things up. Lots of boxes and stuff spread on the floors, which is slowly being sorted and relocated. Still waiting for the dinning's room sofa, so we have to watch TV japanese style and have dinner in the kitchen. Fortunately internet connection seems to work smoothly, but now we have less bandwidth. To cut some costs the basic package was the choosen, which currently is a 4 Mbit download / 300 Kbit upload cable link.
My debian stuff is basically frozen since last post, though I've been able to sponsor one vagalume release and upload the 2.5 release candidate of sylpheed, which, by the way, is having a strange bug on some architectures. Public thanks goes to fgeek, which has allowed me to steal a little of his home bandwidth and cpu to maintain my IRC presence during this transition period.
To be able to change BIOS settings from the command-line on a Dell Poweredge, you need the syscfg utility. It’s very useful when you want to change a configuration on, for example, 32 nodes at once, without having to plug screen, plug keyboard, reboot, change setting, reboot 32 times. Here is how I installed it on the CentOS 5 distribution :
I’d have preferred an easier way, but couldn’t find syscfg’s RPM.
When deploying that to a lot of nodes, you probably don’t want to go through all the associated network downloads of the first phase (wget of the yum repository, yum, and wget of the 230MB iso), so you can take shortcuts:
# for node in $(list_of_nodes); do scp /usr/local/sbin/syscfg /var/cache/yum/dell-hardware-auto/packages/srvadmin-*.rpm $node: ; ssh $node “mkdir -p /usr/local/sbin; mv syscfg /usr/local/sbin; rpm -ivh srvadmin-*.rpm”; done;
Run and see the train just in front of you while several stairs are still missing…
Looks like the typical experienced way of loosing trains also if time to time you may fail. I failed with it and the odd rhythm got a start, probably it got some pause and finally it ended in the morning. Some step, four at time and you get into a square with a curious(!)(?(!))) policeman) dressing a blue uniform and a <-cosh.Uhm…it was probably more hilarious for them to see him while he tried to drive people as they were customized cars: yeye, but the park is nice and the small artificial lake too, just a bit black&white as all other things, but the sky seems disappeard.
Now is just walking and looking for a room, but is not that hard as it seems to be. A coffee news and fingers are prepared to a new odd rhythm while a gray iron woman is wishing to expose her beat of nuisance.
Finish, get up, walk, move, run a bit, the sky is still cromium-plated, some steps and a rest. Oh damn ****
Clearly, the Debian's OpenSSL maintainer has messed up seriously. Very seriously. He is the one to blame for thousands of machines being easily attackable during a time period of about 2 years.
It's not as if the OpenSSL team was unblamable of this misery though.
The original query of the Debian Developer resulted in an unfortunate answer of an OpenSSL team member, and other than that ignorance. Another mail about a year later clearly says that a patch commenting out those lines made it into Debian, again with no feedback, so even the "If OpenSSL had known that this should go into Debian..." argument is invalid. I wonder why, since an OpenSSL guy claims that this mistake is so obvious and that upon seeing the patch, "we (the OpenSSL Team) would have fallen about laughing, and once we had got our breath back, told them what a terrible idea this was."
I am not going to comment on the the claim that openssl-dev was the wrong mailing list, as Branden's blog post leaves nothing to add on that topic.
The claim that making OpenSSL Valgrind-clean is just a minor, unimportant cosmetic fix is wrong. The OpenSSL library is typically used by programs with network access. The developers of these programs often use Valgrind to catch memory access failures, which could easily compromise the security of the machine if not detected. Being able to Valgrind your code without drowning in OpenSSL warnings and errors is an important thing.
Using very questionable (see point below) constructs in the code without even a source code comment is not something to be proud of either.
The claim that the original OpenSSL code is not buggy is wrong. The claim that the "harmless" part of the disastrous patch is just harmless is wrong. It fixes a serious bug in OpenSSL. Using uninitialised objects with allocated or automatic storage results in undefined behavior in C.
It may add Entropy to the pool. It may crash. It may send out a tarball of your .ssh and .gnupg directories to ronald@mcdonald.com without letting you know.
All three options (and any other option) is completely valid at program run time, or even at compile time.
For example, this is a program that I use to predict the lottery numbers of the next five years:
#include <stdio.h>
int main()
{
int a;
a++;
printf("%d\n",a);
return 0;
}
What? This doesn't work for you? Welcome to the wonderful world of undefined behavior.
In the light of this, above linked comments sound almost ironic.
I feel Debian has learnt a lesson out of this. Can the OpenSSL team say the same?
Disclaimer: These are solely my oppinions. I speak for no project or company or whatever. I am in no way affiliated to either OpenSSL or Debian. Both are outstanding, impressive free software projects.
I had, until recently, a problem when it came to test memory on the nodes in my lab. Until now, I was able to PXE boot memtest+, but had to go down to the lab and plug a screen to check the output. Multiple annoyances: first I had to move my ass to the lab room, then I add to do some difficult things to plug a screen to the node, then I had to come back from time to time and look at the output. All of these right in front of the cooling units, which blow some really cold air now that they work correctly.
This morning I investigated in the source code of memtest+ and found out it supports output to serial consoles since recently!
A little upgrade later, I can now boot memtest+ with the console=ttyS0,57600 command line parameter and just watch my serial line output, without moving at all! Yay!
(Btw for those who’ll find funny to use DEFAULT memtest… PXE boot choices are updated via a cgi script called from an intranet tool, which itself is wrapped in a little GTK systray applet. This applet allows to reboot, shut down, power on, reinstall various distributions, follow serial line, open an ssh connection, on the lab’s nodes. This tool is also useable via command line for scripting power).
Encore une fois aujourd’hui, j’ai entendu quelqu’un expliquer que ne pas respecter le code de la route à vélo, ça fait perdre des points sur son permis. Comme ça commence à m’agacer, je l’écris:
Conformément à une circulaire du 23 novembre 1992, il ne peut y avoir retrait de points que pour les infractions commises au moyen de véhicules pour la conduite desquels un permis de conduire est exigé. (3.1d)
Griller un feu rouge, prendre un sens interdit, faire des excès de vitesse sur la rocade… Vous pouvez faire tout ceci à vélo, et vous risquerez une amende pécuniaire - mais certainement pas un retrait de points sur votre permis.
De la même manière, vous pouvez faire n’importe quoi à rollers et vous exposer à une amende maximale de 4 €, si vous vous faites choper sur la route : en tant que piéton (statut légal des personnes à rollers ou skate board), l’article R.412-34 de code de la route vous interdit d’utiliser la chaussée lorsqu’un trottoir existe. 4 €, pas plus, pas moins.
The first official release of an unofficial Claws Mail plugin is now available.
It is available from the Unofficial Claws Mail ClamAV™ Plugin page here on this blog.
This latest release of the plugin will build against the ClamAV™ 0.93 (libclamav 4:1:0) release and all older versions, once it is patched, of course. The necessary patch is also available from that page.
I will continue to maintain this unofficial plugin for at least as long as I am using the plugin.
See the page for more details.
Hier, j’ai essayé de déclarer mes impôts en ligne sur www.impots.gouv.fr. Jusqu’ici, ça marchait impeccablement depuis 2003 pour moi. Hier, j’ai eu des soucis:
Avec Firefox 3 beta 5, ça plante dès le début avec une zone d’applet grisée et “Applet signview bail” dans la barre d’état du navigateur. Qu’à celà ne tienne!
sudo apt-get install firefox-2
Avec Firefox 2, pas de java. Un symlink manquant: sudo ln -s /etc/alternatives/xulrunner-1.9-javaplugin.so /usr/lib/firefox/plugins/
Ensuite, avec Firefox 2 toujours, la déclaration elle même se passe bien; le seul problème est au moment de la signature numérique: “Erreur technique (n° 100)“. Argh!
Finalement, voici comment en 2008, j’ai réussi à déclarer mes impôts avec mon ordinateur sous Linux:
As some of you know, I’m developing a web at home using RoR. This framework makes your life easier than before with all its utilities and work done by it that you don’t have to do. But there is something that can make you go crazy when you look for only a row in the database using an object. You can do it as follows:
If you forget to include the part ‘:conditions=>’ and write
object = Object.find(:first, "id = #{foo_id}")
rails will return the first row of the table, “id = #{foo_id}” will be lost in the twilight zone and you will go crazy looking for the problem (specially if you are a beginner like me).
Everyone is familiar with this, no doubt…
I recently switched power supplier, because the previous one's prices were rising steeply. The previous company had overcharged me, my final statement from them told me as much. Two months later they still hadn't paid me back, so I telephoned their 'customer support' line, (not a free call), to get it sorted. A fortnight later my cheque arrived. The accompanying letter began with, "As promised here is a cheque for …" — As promised! As promised? They take my money, keep hold of it, force me to give them more money just to enquire about it, and then present themselves as the good guys! Hey npower, is it so hard to say sorry?
Meanwhile virginmedia announce that they "always try to listen to what our customers tell us and because you didn't think the premium rate call charge for our technical support helpline was
right, we decided to do something about it!" — as if it never occurred to them that their charges were high until some customers mentioned it. And in a sickeningly informal manner, "That means that now you can get the help and support you need, totally free, just like you asked." Well, thanks mate! You're a real pal. I hope this won't eat into your vast profits and require Branson to have a lifestyle change.
[suggested soundtrack: Alternative TV - You Bastard - The Image Has Cracked, 1978]
Some people say that we are geeks, nerds, freaks and a lot of things more, we wonder why is so difficult to promote the open source and free software. This two sentences are the result of actions done by us.
Yesterday I was reading some web pages (because I am in holiday so I have a little of time) and I linked to a page from a company (I won’t put the name here) which is trying to make money using and promoting open source software (good thing). This company is based in Barcelona and offers hardware with free software, support and all the software’s vanilla flavour used is catalan (the language spoken in Catalonia).
All this is good, great, amazing and a lot of positive words more but, there is one thing which is wrong in all this situation. If you want to make money, if you want to be professional (and you need to seem professional), you can not include in your web page this image
People see this image and thing that you are a group of weirdos in a little room next to Pl. Catalunya trying to do something that other people is already doing.
That’s the reason why I thing that a big part of the success of open source is our responsability and doing this we are not helping it to success (it’s our fault not to do it seriously).
I have to say that all this post is written from RESPECT to what you are doing guys (this don’t want to be an offence).
No, it's not a Britney's album reference and probably not as dark as the subject suggests, but the home change (which is not going to effectively happen until June 1st) requires the Internet connection I'm using to be removed from our current hired flat. Thanks to our much beloved Asturian ISP I perfectly know that from May 1st the current contract will be finished (and service dropped) and on 8th they will take back the cable-modem, but I have no fscking idea when the new contract and the new connection will be ready at the new home, despite having solicited it two weeks ago.
If that were not enough, and thanks to Murphy's law, my main IMAP mailbox (the account I have at the university since twelve years ago) seems to have disappeared into /dev/null. Service failures were not uncommon from time to time, but now I can connect and both mutt and Claws Mail keep on saying I have no INBOX, which looks pretty true from the little I can see when ssh'ing the mail server. I've already redirected the forwarders, but if telecable cancels also the current mail accounts associated with the contract I'll have to do again. And seems also I've been subscribed to a lot of lists with that address from aic.uniovi.es, because i'm not receiving any mail from debian lists... which is a real pleasure for now :-D. Fortunately Claws lists were double subscribed and I can read them on gmail, I hope the failures from the uniovi address aren't causing excessive trouble to our listmaster ;-).
On the Debian front the bugs for all sylpheed-claws related packages have been issued, so expect them to disappear soon from the unstable archive (they already were removed from testing several weeks ago). Bye bye sylpheed-claws, we won't miss you.
Following the awful review of Claws Mail in issue 86 of Linux Magazine — awful because of its inaccuracies — I wrote a critical blog post and informed the editor, Joe Casad, of my post, thoughts and feelings. He quickly responded, apologising and offering further coverage of Claws Mail in the form of a full article, if I would like to write it. What a great response, it couldn't have been any better!
The article is now written and published in issue 90 and can be downloaded in PDF format via this page.
Too bad about the seagull feet, I would have preferred to see The Manticore, a "gigantic red lion with a human face and three rows of teeth [whose] nails are twisted into talons, like drills and […] teeth are cut like those of a saw"[1], or Humbaba, who "had the paws of a lion and a body covered with horny scales; his feet had the claws of a vulture, and on his head were the horns of a wild bull".[1]
[1] Jorge Luis Borges, The Book of Imaginary Beings
I recently experimented with ads on the blog. Ten days later, I’m now sure they’re not worth the inconvenience/uglyness. They brought me a grand total of $0.16, which means $0.016 per day, approximately €0.010. Bye ads :-)
English is not my mother language (as most of you have noticed reading my posts). The fact is that I have to check some words while I’m writing an entry in my blog, an email or other written documents. At work, where unfortunatelly I have to use HaseXP, I use a translator called babiloo, a GPL Java app which I haven’t found for linux.
Some minutes ago, I was writting a composition for my english classes and I didn’t know how to translate a word to english. Googling a little, I found an entry in a lug website named bulma, which is the mother of my lug (badopi), titled ‘Wordtrans: un Babylon para Linux‘ written in 2001 which showed me this application to translate these words that I don’t know in english.
Old articles have their usefulness too.
UPDATE: This application is available in Debian (stable, testing and unstable), which is the GNU/Linux distro I use at home.
The claws-mail packages have reached the 3.4.0 version. These include several important fixes, so all users are encouraged to upgrade. I planned to include Colin's pre-release multiple-fixes patch in a previous upload but finally the lack of time and the near release date provoked this upload hadn't occurred. There's something new in the packaging because I've switched all the copyright files to machine-interpretable copyright format. This is not mandatory (just a proposal) but I think it's interesting enough to support it. I'll be giving a lightning talk about this proposal within the Dudesconf-II event, the small debconf-like conference to be celebrated in A Coruña in a couple of weeks. I'll be traveling by car with chipi, another Debian developer which came with me last year, and baby, who has been recently promoted also to Debian developer (yay! congratz Miriam! welcome to debian.org, the republic of the spammed people! :-)). Hopefully that week I won't be traveling to Madrid for working, otherwise it could be very tiresome. Unfortunately I have to do it tomorrow, so once the claws-mail-extra-plugins have finished uploading (in process right now) I'm going to bed ;-).
Lately I am working on a personal project using and learning Ruby on Rails (a.k.a. RoR). It is a very useful framework known and used worldwide (it is an impressive creation).
I am creating models and mysql tables using migrations now. To create a table RoR helps to the programmer including in it a column named id, an int(11), which is the table’s primary key (something helpful) but including the attribute auto_increment. It is the behaviour that tables have normally but now I need a table with a column named id created as the primary key but without the attribute auto_increment (because it is a table which is a specialization of another one).
This is a cumbersome task because you have to google a lot to find out how (and there are several ways to do it). The easiest way to do it is (IMHO because I’m still a newbie using RoR):
def self.up
create_table :groups, :id=>false do |t|
t.column :id, :integer, :null=>false
t.column :name, :string, :limit=>50, :null=>false
t.column :description, :string, :limit=>150, :null=>false
t.timestamps
end
execute("ALTER TABLE groups ADD PRIMARY KEY(id)")
end
My frustation in this case is that I have to use a SQL sentence ‘ALTER TABLE’ to define the column ‘id’ as the table’s primary key. I wish there was a migration’s sentence to define a column as primary key without using the execute sentence.
If somebody knows a different way to do it using only migration commands, please write a comment.
A user told us on the mailing list that he got a crash. It was SIGXFSZ, File size limit exceeded… Due to the protocol log file growing too much, probably 2 or 4 gigabytes…
The end of his log reads:
IMAP4< 8918737 OK Status completed.
The number at the left is the transaction id of the IMAP protocol, incremented by 1 on every command. That means almost 9 millions commands :-) Our user started Claws Mail on March 10, it crashed on April 17 only due to the log file.
A few days ago I was annoyed at hard disks, after the little one in my iPod died. I considered buying a brand new iPod, but I didn’t really want to spend 250 euros on a shiny new mp3 player that has a color screen, whereas my scratched old mp3 player with its black and white screen… plays music just as well, and that’s all I want.
So I ordered just the hard disk from an Ebay seller (which I recommend if you need the same…) for only 40 dollars. I received it today, swapped the disks, and reformated the iPod following a nice howto which spared me the shame of begging a colleague for a Windows machine with iTunes installed. (Yes, it’s a geeky howto involving fdisk and dd, but I’m not scared at all by the shell, and I don’t care about whether it’s user friendly or not. It’s Colin friendly, and that’s all I want).
And now it works again just fine, and gained 10GB of capacity in the process :-)
I’m experimenting with ads on the blog; they should be FOSS-oriented and not too intrusive… I’ll see in a few weeks whether that’s interesting to keep or not.
Hard disks are fragile. I know it since a while, and I’m prepared: I have good, up to date backups made automatically every night or week, depending on the data’s importance. OK, I know it! but I’m getting tired of it: Saturday, smartd reports read errors on my server’s /dev/hdc. I order two IDE disks (in order to have a spare available next time). Sunday, my mother calls me for help: her iBook’s hard disk has failed utterly just before she did a migration to her new laptop. 4 years of data lost; doing backups was on her to-do list since a year, but the old saying is verified again: no one does backup properly until they experience a loss of important, unique data (like digital pictures or emails). And today, I get on my train back from work, power on the ipod, but no music for me:
I ordered an 1.8″ disk (for about eight times less than a new iPod, but still, it’s annoying.)
En français - Saine paranoia, partie IV : pourquoi les laisse-t’on faire ?
“Mais que fait la police”, vous demandez-vous… Il paraît surprenant que ce genre d’activités reste impunies. En effet ! Les responsables et bénéficiaires de ce genre d’arnaques sont en général recherchés, et parfois arrêtés. Cela reste, hélas, rare, car ils sont souvent suffisamment prudents pour éviter de laisser des traces directes les incriminant. Certains, en général les Veuves du Regretté Général Machin, utilisent des comptes emails jetables (sur hotmail, yahoo, etc) étant donné qu’ils ont besoin de correspondre ensuite avec leurs victimes pour transformer l’essai. Ils ne se connectent sur ces comptes que par des cybercafés, des proxys anonymisants, etc : jamais de leur accès internet chez eux.
Les autres, les arnaqueurs à large spectre ainsi que les spammeurs, utilisent des réseaux de machines piratées (appelés Botnets). Ces machines peuvent être des serveurs mal sécurisés, ou encore de simples ordinateurs de particuliers qui ont attrapé un virus - car maintenant, les méchants virus destructeurs de données, programmés par de petits génies de l’optimisation et de la discrétion, sont chose rare. La plupart des virus actuels se contentent de se cacher sur votre ordinateur, ne causent aucun dégât afin d’éviter d’être repérés, et transforment votre ordinateur en plaque tournante d’arnaques - c’est beaucoup plus rémunérateur à long terme. Dans votre dos, votre PC enverra donc de nombreux spams, un serveur Web y sera installé qui contiendra une copie du site de Paypal ou autre, etc.
Le mode de propagation principal de ces virus est, là aussi, l’email - provenant d’un autre PC infecté. Lorsque vous recevez un mail avec des photos d’une quelconque célébrité à poil, une vidéo marrante à regarder, ou encore un faux retour d’email avec une pièce jointe, la plupart du temps, un virus dans la pièce jointe attend sagement que votre curiosité vous pousse à l’ouvrir. Le fait que l’email en question provienne d’un inconnu ou d’un contact connu (ami, etc) n’y change rien : l’adresse d’expéditeur est fausse et trafiquée. Soyez sûr d’avoir un bon antivirus à jour.
Le moyen le plus efficace de se débarasser de ces nuisibles, puisque les arrêter est difficile, serait de rendre l’activité moins rémunatrice et plus compliquée. Certains (rares) fournisseurs d’accès Internet coupent l’accès à leurs abonnés chez lesquels ils détectent un trafic suspect (milliers d’emails envoyés, etc) jusqu’à désinfection, mais la plupart ne le fait pas, étant donné que lesdits abonnés râlent quand cela leur arrive.
In english - Sane paranoia, part IV : Why aren’t they stopped?
It sounds surprising that this kind of activities aren’t punished. Indeed! The individuals responsible for (and who benefit from) such scams are generally actively wanted by the authorities, and sometimes arrested. This is, unfortunately, rare, because they’re often cautious enough to avoid leaving directly incriminating trails. Some of them, generally the Widows of the Regretted Late General Blahblah, use throw-away email accounts (on hotmail, yahoo, …), as they’ll need to correspond with their victims in order to cash in on their scam. They only connect to these accounts from cybercafes, anonymous proxies, and so on; never from their own internet account at their place.
The others, the large spectrum scammers and the spammers, use networks of pirated computers (called Botnets). These computers can be badly securised servers, or simply private computers who got infected by a virus - these days, rare are the mean, destructive viruses that we were used to. The majority of modern viruses just hide in your computer, cause no visible harm in order to avoid being detected, and turn your computer into a so-called zombie, spewing out hundreds and thousands spams every hour, getting a web server serving a copy of Paypal’s site, and so on.
The main propagation mode of these viruses is, as usual, email - often coming from another infected computer. When you receive a message with pictures of a random celebrity naked, a funny video to watch, or sometimes, a fake email bounce with an attachment… most of the time, there’s a virus in the attachment waiting for your curiosity to make you open it. The fact that said email comes from a random stranger or a known contact (best friend, wife, boss, …) is irrelevant: the sender’s address is faked and doesn’t mean anything. Make sure you have a good, up-to-date antivirus.
The best way to get rid of these parasites, as arresting them is difficult, would be to render their activities less financially rewarding and more complicated. Some rare Internet service providers cut their subscribers’ access when they detect suspect traffic (thousands of sent emails over a short period of time, for example); but most don’t, as this process is rarely well-received by the affected people.
En français - Saine paranoia, partie III : les arnaques ciblées
Les précédents comptaient bien vous avoir. Leur technique, qui fonctionne, requiert tout de même du courage. Il en faut, pour correspondre avec une centaine de pigeons en parallèle, leur extorquer le maximum par la persuasion, continuer avec la dizaine restante, les presser jusqu’à la moëlle, avant de recommencer avec de nouvelles victimes potentielles.
Ce serait quand même vachement plus pratique de n’avoir rien à faire pour arnaquer les gens, n’est ce pas. C’est la catégorie des arnaqueurs paresseux, qui a monté un autre type d’email piégé… L’email de phishing. Comme son nom l’indique, il s’agit là d’aller à la pêche, mais à la pêche à la nasse, pas question de s’enquiquiner à attendre que ça morde. (la faute d’orthographe dans phishing n’en est pas une. Elle indique la nature cybercrime de la chose).
Les emails de phishing se présentent généralement sous la forme d’alertes de sécurité, de la part de grands sites très connus où l’on peut manipuler de l’argent - Paypal, Ebay, votre banque…
Ces emails seront inquiétants :
Cher Membre PayPal,
En raison des mesures de securité que vous offre PayPal, vous êtes prié de suivre les étapes fournies et de confirmer vos informations en ligne pour la sûreté de vos comptes. Cependant, la non-comfirmation de vos informations peut avoir comme conséquence la suspension provisoire de compte.
(Fautes de français laissées intactes).Suivra un bla-bla habituel sur les procédures de sécurité :
Veillez à ne jamais communiquer votre mot de passe à des sites frauduleux. Pour accéder de manière sécurisée au site PayPal, saisissez l’URL PayPal (https://www.paypal.com/fr/) pour accéder au site authentique de PayPal.
Rassurantes, ces procédures de sécurité ! S’ils me disent tout ça, ça devrait être un vrai mail, n’est ce pas ? Un pirate ne se couperait pas l’herbe sous le pied ainsi ?
Ben si. Ça marche mieux comme ça, car, malgré les lignes précédentes, la plupart des gens cliqueront quand même là :
Vous êtes prié de suivre les étapes fournies et de confirmer vos informations en ligne pour la sûreté de vos comptes. Cliquez ici pour commencer la procedure.
Vous avez cliqué ? Ici j’ai modifié le lien pour pointer sur un site totalement différent et inoffensif ; mais le mail en question vous aurait renvoyé sur un site qui n’est pas celui de Paypal, mais qui y ressemble à s’y méprendre. Sur celui-ci, on vous aurait demandé de remplir toutes les informations demandées par Paypal (dont votre mot de passe, numéro de carte bancaire, et même parfois, code secret de carte banquaire). La page d’aide de Paypal à ce sujet détaille bien la chose.
J’ai pris Paypal comme exemple ici, mais ne vous en faites pas, vous recevrez de faux emails du même genre “de la part” de votre banque, Ebay, votre fournisseur d’accès Internet (souvent “nous avons détecté des activités illégales sur votre compte”, mais pas seulement), etc.
Ne cliquez jamais sur aucun lien, d’aucun email provenant d’un site qui gère pour vous des choses importantes, comme votre argent. En cas de doute, connectez-vous via votre raccourci enregistré, ou en tapant l’adresse à la main. Si le site avait quelque chose à vous signaler, ce sera via le site lui-même, pas via email.
In english - Sane paranoia, part III: targeted scams
The previously mentioned scammers hoped to get you, but their method, although it works, still requires a certain amount of motivation. One needs motivation to manage corresponding with a hundred of possible targets at once, squeeze the most out of them using persuasion, continue with the remaining dozen, go as far as possible, and restart the whole process with new potential victims.
Wouldn’t it be much more practical to be able to scam large numbers of people almost automatically? It’s exactly what lazy scammers thought, and implemented in another kind of trap email: the Phishing email. As its name implies, it’s about going to fish, but using a net - no bothering and waiting for bites!
Phishing emails generally look like security alerts from big, known and trusted e-commerce websites that manipulate money - Paypal, Ebay, your bank…
These emails will be scary:
Dear PayPal customer,We recently reviewed your account, and we suspect an unauthorized transaction on your account. Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.
These emails will usually have a few paragraph about the importance of security procedures:
Make sure you never provide your password to fraudulent websites: To safely and securely access the PayPal website or your account, be sure to verify the link found in the address bar. This must be https://www.paypal.com/.
These security procedures really are reassuring, aren’t they? If they warn me about security, that must be a real email, isn’t it? A mean bad guy wouldn’t screw himself up this way?
Well, yes, he would, because its works better like that. Just write these security procedures, and be sure that most people would still click on the link just after:
We require you to complete an account verification procedure as part of our security measure. You must click the link below to securely login and complete the process. Click here to activate your account.
Did you click? Here, I changed the link to point to a totally different and inoffensive website; but the quoted email would have sent you to a website that isn’t Paypal’s, but that looks exactly the same. On this fake website copy, you would have been asked about a lot of information (including your password, credit card number, and even, sometimes, credit card’s PIN code). Paypal’s help page about the subject explains this really well.
I used Paypal as an example here. But don’t worry! You’ll also get fake mails “from” your bank, “from” Ebay, “from” your Internet Service Provider (usually along the lines of “we detected illegal activity from your account” - but not only), and much more.
Never click any link on any email from any site handling important things like your money. If in doubt, log in via your bookmark, or type the address yourself. If the website has something to warn you about, it’ll do so via the site itself, not via email.
En français - Saine paranoia, partie II : les arnaqueurs à large spectre
Les spammeurs sont agaçants, certes, mais pas bien dangereux. Nous allons voir que l’on peut trouver bien pire qu’eux : des arnaqueurs qui en veulent à :
votre porte-monnaie
votre identité
Parmi ceux-ci, il y a deux types ; les arnaqueurs à large spectre sont ceux qui espèrent récupérer des informations intéressantes de vous, ainsi que de l’argent (le vôtre, hein), d’où que cela puisse provenir.
En VO, ils sont aussi appelés 419 scammers, ou encore Nigerian scammers, bien qu’ils n’aient pas souvent de relation avec le Niger.
Ils vous contacteront dans un long mail alambiqué de formules de politesses et de fautes de français (ou bien, en anglais, tout simplement) et vous expliqueront leurs malheurs…
Cher ami,
Je suis Allen Anthony, l’avocat personel de Monsieur Hughson Taylor. Le 21 avril 2007, mon client, sa femme et ses trois enfants ont été impliqués dans un accident de voiture. Hélas, tous les occupants ont été tués.
Comme c’est triste. (Vous pourrez aussi tomber sur la veuve du Regretté Général Machin, la soeur du Regretté Président Truc, etc). Vous découvrirez ensuite pourquoi vous avez été contacté, car votre aide précieuse est nécessaire !
Je vous ai contacté car j’ai besoin d’aide pour rapatrier le patrimoine de Monsieur Taylor avant qu’il ne soit confisqué par les services fiscaux, et qui sont de US $7.500.000 (sept millions cinq cent mille dollars américains). Je n’ai pu retrouver aucun héritier, je voudrais donc donner cet argent à des oeuvres de charité.
Oh là là, tout cet argent qui va être confisqué par le fisc au lieu d’être donné aux oeuvres de charité ! Mais que puis-je donc faire pour aider ce pauvre homme ! Ne vous en faites pas, vous allez le savoir très vite.
J’ai besoin de votre aide : il faut vous désigner comme son héritier, de manière à pouvoir sortir cet argent de la banque. En remerciement de votre aide, je me propose de vous laisser 10% de cet argent, soit US $ 750.000 (sept cent cinquante mille dollars).
Tout ça pour moi ! Où-est-ce que je signe !?
OK, sauf que non. Répondez à cet email, et vous mettrez le doigt dans un engrenage dangereux. Tout d’abord il faudra fournir un certain nombre de renseignements à Monsieur Allen Anthony, afin qu’il puisse préparer les papiers nécessaires : nom, prénom, date de naissance, lieu de naissance, photo récente, photocopie de carte d’identité.
Et voilà, ça, c’est fait, votre identité peut maintenant être utilisée par n’importe quel escroc à travers la planète.
Ensuite, bien sûr, pour récupérer cet argent, il faudra avancer quelques frais, rien de bien important en comparaison de ces sept cent cinquante mille dollars qui vous attendent: 50 euros par ci pour que la banque fasse le nécessaire, 100 euros par là, etc. Une comptable US a un jour coulé la PME pour laquelle elle travaillait, à force d’avances. En théorie, la plupart des êtres humains ont de plus en plus de mal à arrêter les frais lorsqu’ils ont l’impression que la récompense est proche.
Enfin, à un moment ou un autre, il faudra communiquer votre numéro de compte en banque, bien sûr, pour pouvoir recevoir cet argent. Et là, …
En résumé : Non, vous n’avez pas une chance monstre d’avoir été choisi pour cette mission. Vous êtes en train de contempler un hameçon jeté sous vos yeux par un escroc.
Le même processus existe avec des variantes :
The WEST CLIFF CASINO BOARD International promotion UNITED KINGDOM program is proud to inform you that you have just won Two Million British Pounds (£2.000, 000, 00).
Non plus. Ici aussi, râtissage de compte bancaire doublé d’un vol d’identité en vue.
NOTICE…Winner Of £1,000,000.00 Pounds ! We wish to congratulate and inform you on the selection of your email coupon number [...]
VERIFICATION AND FUNDS RELEASE FORM
1.FULL NAMES:_________________________________
2.ADDRESS:__________________________________________
3.SEX:___________
4.AGE:_______
5.MARITAL STATUS:__________________
6.OCCUPATION:___________________
7.E-MAIL ADDRESS:_____________________________
8.TELEPHONE NUMBER:_____________________
9.AMOUNTWON:____________________________
10.STATE:__________________________________
11. COUNTRY________________________________
12. NEXT OFKIN:_____________________________
13. ZIP CODE:_______________
14:NATIONALITY:___________________________
Ben tiens !
(Tous les exemples sont tirés de mon dossier Courrier Indésirable, que j’avais vidé il y a moins de 48 heures. Depuis, j’ai gagné six millions à la loterie (en quatre mails), et suis en mesure d’aider trois personnes proches d’un riche décédé).
In english - Sane paranoia, part II : large spectrum scammers
Spammers are annoying, but not very dangerous. We’ll see that we can find much worse than them: scammers, that have evil plans concerning:
your wallet
your identity
Among them are two types ; the large spectrum scammers are those that hope to get interesting informations out of you, as well as your money, wherever it is.
They’re also called 419 scammers, or Nigerian scammers, although they don’t often are in relation with Nigeria.
They’ll contact you in a long mail full of polite formulas and typographic errors, and will explain the awful difficulties they face…
Dear Friend,
I am Barrister. Allen Anthony, a personal Attorney to Mr. Hughson Taylor. On the 21st of April 2006, my client, his wife and their three children were involved in a car accident along Udonthani express Way. All occupants of the vehicle unfortunately lost their lives.
How sad. I’m deeply moved. (You’ll probably also get emails from the widow of the Regretted Late General Blah, or the sister of the Regretted Deceased President Blahblah, and so on). You’ll then find out why you’ve been contacted, because your precious help is necessary!
I contacted you to assist in repatriating the money and properties left behind by my client before they get confiscated or declared Unserviceable by the bank where he has deposits particularly the Citizens Bank where the deceased had an account valued at about US$7.500.000 dollars. (Seven million and five hundred thousand dollars).
Oh, all of that money going to be confiscated! But what can I do to help this poor fellow!? Don’t worry, you’ll know that real quick.
Since I have been unsuccessful in locating the relatives for over 2 years now, I seek your consent to present you as the next of kin of the deceased since you have the same last name so that the proceeds of this account valued at US$7.500,000 dollars can be paid to you and then you and we can decide what to do with the money and others vital asset of his.
All of this money for me! Yeah! Where do I sign up!
Well, yes, but no. Reply to this email, and you’ll put the finger in a dangerous place. First you’ll have to provide Mr Allen Anthony with a number of informative items about you to Mister Allen Anthony, so that he can prepare the necessary paperwork: name, surname, date of birth, place of birth, recent photograph, photocopy of your ID card or driver’s license.
Voilà, that’s done, your identity can now be used by any crook in the world.
Then, of course, in order to get all these millions back from the bank, you’ll have to advance certains fees, fifty dollars there, hundred here, and so on. An american accountant once led his business file for bankruptcy due to all these fees. In theory, most of the human beings we are have a really hard time realizing they’re being abused and stop before it’s too late, when each time it seems the reward is closer.
Finally, at some point, you’ll have to communicate your bank account information, of course, in order to be able to get all this money. And then…
To make the long story short: No, you’re not really lucky to have been chosen for this mission. Rather, you’re contemplating a big hook dropped under your eyes by a crook.
The same process exists with some variants:
The WEST CLIFF CASINO BOARD International promotion UNITED KINGDOM program is proud to inform you that you have just won Two Million British Pounds (£2.000, 000, 00).
Not so. Exactly the same things will happen.
NOTICE…Winner Of £1,000,000.00 Pounds ! We wish to congratulate and inform you on the selection of your email coupon number [...]
VERIFICATION AND FUNDS RELEASE FORM
1.FULL NAMES:_________________________________
2.ADDRESS:__________________________________________
3.SEX:___________
4.AGE:_______
5.MARITAL STATUS:__________________
6.OCCUPATION:___________________
7.E-MAIL ADDRESS:_____________________________
8.TELEPHONE NUMBER:_____________________
9.AMOUNTWON:____________________________
10.STATE:__________________________________
11. COUNTRY________________________________
12. NEXT OFKIN:_____________________________
13. ZIP CODE:_______________
14:NATIONALITY:___________________________
Sure!
(All of the examples there are from my Spam folder, which I had emptied less than 48 hours ago. Since then, I won six millions at the lottery (in four emails), and am able to help three persons looking for a recipient to a rich deceased’s millions).
En français - Saine paranoia, partie I : les spammeurs
Je le répète à beaucoup de gens, spécifiquement les nouveaux internautes autour de moi : Internet, c’est sympa, plein de ressources intéressantes, on y découvre des communautés de gens sympathiques, etc. Mais très vite, on y découvre des tas de pièges, placés là par des gens mal intentionnés. Il suffit de le savoir, et d’y prêter attention, mais hélas il suffit de baisser sa garde une fois pour que des désagréments fâcheux commencent à arriver.
La plupart de ces dangers arrivent sous formes d’emails.
Peu de temps après avoir commencé à utiliser une adresse email, pas mal de monde va commencer à essayer de vous vendre diverses choses - les respectables magasins en ligne, d’une part, dont on peut assez facilement se débarrasser, et les spammeurs, d’autre part. Ceux-ci ne respectent pas les lois en vigueur et l’on ne peut pas s’en débarrasser. Vous pourrez leur acheter très facilement diverses choses:
des pilules magiques telles que Viagra, Cialys, etc
des herbes magiques qui vous feront une bite de Rocco Sifredi en un mois
des fausses Rolex, et autres articles luxueux du genre
des faux diplômes, papiers, etc
Dans chacune de ces catégories, vous vous feriez arnaquer. Quoi que vous achetiez, vous recevrez au mieux, des placebos, ou simplement rien. Pensez-vous vraiment pouvoir confier votre numéro de carte bleue en ligne à ce genre de vendeurs?
Au final, cette catégorie d’indélicats est assez facile à ignorer ; avec les filtres anti-spams actuels, dits adaptatifs ou encore bayésiens, il suffira d’en marquer quelques uns comme spam pour ne (presque) plus en voir.
I keep repeating it to a lot of people, specifically new Internet users around me : Internet is nice, fun, big, full of interesting resources, one can discover lots of communities about various subjects, and so on. But quite soon, a lot of traps surface, placed there by malicious people. Avoiding them isn’t too difficult, once you know about them and pay attention; but one time is enough to get some serious annoyances.
Most of these dangers come to you via email.
Not long after starting to use an email address, a lot of people will start trying to sell you various things - normal e-commerce website, on one hand, which you can easily get rid of, and spammers, on the other hand. Spammers don’t abide by the laws, and you can’t get rid of them. You’ll be able to buy a lot from them:
magical pills, like Viagra, Cialys, and so on
magical herbs that’ll miraculously provide you with a penis bigger than Rocco Sifredi’s
fake Rolex watches, and other fake “big brands” stuff
fake diplomas, papers, and so on
In each of these categories, you’d get owned. Whatever you’d buy, you’d get at best placebos, or just nothing. Do you really think you can trust such senders with your credit card number?
In the end, this category of scumbags is quite easy to ignore ; with the current anti-spam filtering techniques, bayesian filtering, you’ll only have to mark a few of these emails as Spam and (almost) never see one again.
I just realised that, since I started doing free software development, debugging has become much easier than it used to be.
At first, I didn’t even knew gdb, and debugged with printf()s. Totally impractical, slow, prone to error (as it moves corruptions to other places or even completely hide them), requires recompilation and a new run each time one needs more info.
Then I learnt about gdb and how to use it. Once I could reproduce a bug, finding its root cause became much easier. Mid-2002, a crash handler was added to Claws Mail, which automatically attached gdb to a crashed process and got a backtrace. That increased the quality of our crasher bug reports, when Claws Mail was compiled with debug symbols. Distributions were more and more shipping with bug-buddy or equivalents, that did the same thing. It was still rather useless without debug symbols, but better than nothing…
Then Valgrind came around, and that gem made tracking down corruptions, double-frees, unitialized pointers, dangling pointers, etc, much easier. I remember tracking one of these in IMAP code for days, and Valgrind would have made it clear in a matter of minutes. Valgrind is the debugging tool that gives me the most “oh damn, how did I not notice!” moments.
As if it wasn’t enough, the glibc developers started integrating basic handling of memory allocations errors, basically making the program dump core right on such an error, instead of silently corrupting things and continuing to run for a few seconds/minutes. And now, the glibc itself is able to produce crude stacktraces when crashing on these conditions!
Finally, distributions developers start to get tired of crash dumps with no debug symbols, and some services appear that automatically re-trace crashes with debug symbols: Launchpad.net, for example, gets bugreports with stacktraces from Ubuntu’s apport. Then a bot automatically retraces with debug symbols, and we get a really nice report.
All of these really help, and kids these days have it easy!
If you want to install Ruby on Rails in a Debian Sid the only thing you have to write is:
gems install rails --include-dependencies
but if you want to install it in a Kubuntu Gutsy you will obtain the following error:
Bulk updating Gem source index for: http://gems.rubyforge.org
ERROR: While executing gem ... (Gem::GemNotFoundException)
Could not find rails (> 0) in any repository
it’s necessary remove the parameter –include-dependencies to install it successfully.
A coworker of mine noticed after cleaning up his IMAP folders, that he managed to fill INBOX.Trash with 313.924 mails, and Thunderbird failed utterly at managing that folder.
He then tried to open it with Claws Mail, which succeeded at the second attempt (a wifi disconnect ruining it at 70% the first time - and the 200 MBs of downloaded data got leaked in libetpan, bad).
The second time, the folder opened:
As you can see, the folder is big. We discovered an overflow in the size handling in the process: the mailbox was bigger than 1GB… Claws consumed 670MB of memory with that folder open, but it handled it.
When trying to empty it, we noticed that setting Deleted flags was really slow, and the server process was using 99.9% CPU on the server. We ended up destroying the mbox on the server.
I have found this article included in meneame about useful pieces of software to include in a pen drive (maybe some of you have already read it ).
It’s a good enumeration to choose what you want to use in your every day tasks to make your life easier with different alternatives (for instance the three browsers to choose). If you know any other piece of software to include in that list you can add it as a comment in this blog (I want to use my 512 MB pen drive to have my own Swiss Army Knife).
The only thing I don’t like about this article is that the guy who wrote it call Freeware to all the pieces of software when there are GPL software (as are DSL or Portable Firefox).
It’s a while I’m working at the translation of the Claws Mail manual and probably I’ll finish it before 2009 (better to don’t give too much the sense of the expectation)
Actually the manual is composed by 12 XML files of different size, the bigger is glossary.xml [25.5 kB]
At this point I translated 7 XML files and from the missing ones I asked some help. Actually a guy got 3 of the files but in this time he’s a lot busy with work and can’t have enough free time to work on them.
If anybody is willing to help and have some free time to translate also 1 of them (they are around 10 kB) can contact me so that I could send or you can get them directly from cvs.
Here the list of the files that still need a translation:
* handling.xml
* keyboard.xml
* plugins.xml
A good hint I could give is to keep track of the related it.po file so that the translation will be more congruent.
-
–
—
“Which is more musical: a truck passing by a factory or a truck passing by a music school?” –John Cage
We don't need government
We need utilities.
Air, water, energy
Travel and communication means
Food and shelter.
We have no need for imaginary mountain ranges
Between separate nations.
We can make tunnels through the real ones.
Nor do we have any need for the continuing division of people
Into those who have what they need
And those who don't.
Both Fuller and Marshal McLuhan
Knew, furthermore
That work is now obsolete.
We have invented machines to do it for us.
Now that we have no need to do anything
What shall we do?
Looking at Fuller's geodesic world map
We see that the Earth is a single island, Oahu.
We must give all the people all they need to live
In any way they wish.
Our present laws protect the rich from the poor.
If there are to be laws, we need ones that
Begin with the acceptance of poverty as a way of life.
We must make the world safe for poverty
Without dependence on government.
I'm being lazy again updating this. As predicted in a previous entry (oh, I'm lazy enough to link it) my life has changed for a while. A while which is going to last for three months (though the first one is finishing this week). I'm now working from Monday to Friday at Madrid, living in a, well, a kind of single flat, but worse: a bathroom, a couple of small beds (I only use one, the other is handy to leave the luggage), a table with two chairs, a couple of armchairs and a minimalistic kitchen behind accordion doors. All packed in less than 30 square meters. To be honest I spent most of the day at work and most of the remaining time sleeping, so having such crappy residence is not as depressing as it seems at first. The remaining time is filled with unsophisticated cooking, food collecting, personal hygiene and watching some movie on the MacBook. Lacking an internet connection limits the amount of hacking it can be done, and I simply batch it for delivery around valley hours at work.
Connection at work is behind a proxy, but not a fascist one, so I've been able to ssh home using httptunnel. The server part was easy, just drop apache from port 80 (not really a problem because apache2 is running on 443 and serving all the interesting things) and start the hts tunnel server on the same port redirected to localhost's ssh port. On the client side things are a bit more tricky because I'm on a Redmond OS, but the htc client can be run both under cygwin and also compiled for win32 (though this version also uses cygwin1.dll). Amazing enough the "compiled for win32" version which is started directly by a shortcut seems to work better than the cygwin one when started from a shell. Version numbers seem to be the same, and cygwin1.dll is also the same (the version provided with the "compiled for win32" was older than the one in my cygwin installation making impossible to use both at the same time, so I replaced it), so it's a mistery to me why it appears to work better.
While httptunnel is a nice improvement over ajaxterm it fails from time to time and you have to restart the connection to the localhost client. This is a minor annoyance in standard usage, but can appear quickly if you increase the traffic in the tunnel, for example raising an ssh tunnel within the http-tunneled connection for making a remote X display be shown locally in the cygwin X server. Using the ssh tunnel for, lets say, sftp uploads, causes it to fail even more frequently, though limiting the upload bandwidth in filezilla helps to maintain the connection alive.
On the Debian side, I've been dealing with bugs, mostly claws-mail ones and the sylpheed-claws removal, which is pretty advanced right now: all sylpheed-claws* packages are now out of testing and ready to be removed also from unstable. Only a migration path is needed for existing users, which will be providing another virtual package in claws-mail (like it's already done for sylpheed-claws-gtk2). I've also requested a binNMU for claws-mail, because current build dependencies make it uninstallable in unstable. A "binNMU" (which stands for binary Non Maintainer Upload) is a kind of semi-automatic rebuild of the binary packages in a source package, used mainly for library transitions (like this one).
There's another area in the Debian side which itches me lately: the sylpheed upstream bug handling. Day after day I miss more and more a friendly bugzilla (or anything similar) where upstream bugs can be posted and, more important, tracked. The few forwarded bugs in the BTS are like messages in a bottle. I've sent them to Hiro, but no response was received, neither Changelog mention or any other sign they have been treated or discarded. Sending them to /dev/null would have been equally efficient. I've noticed he does usually respond to bugs posted in the list, so maybe that's the way to go.
Buy one 1U server from $supplier, specifically ask for a pair of rails, learn that “Of course it comes with rails!”.
Two weeks later. Buy a 42U rack, and eight 1U servers, all of these from the same $supplier, and at the same time. Receive your rack and 8 servers, without rails. Inquire by email: “No, servers don’t come automatically with rails, you didn’t ask for them”.
It's been a while since my initial announcement of the Claws Mail - OpenSyncconnection. Addressbook and calendar synchronisation are a pretty important topic for me. I hate trying to keep all those addressbooks or calendar events on PDAs or cell phones in sync manually. It is a lot of hassle - and ultimately just doesn't work.
The OpenSync guys came up with a pretty well thought-out synchronisation framework that sounded interesting enough to invest some rainy Saturday afternoons and hook up Claws Mail with it.
Now that contact synchronisation is going better and better, I decided to make my hands dirty on calendar events as well. Colin, being the author of Claws Mail's vCalendar plugin, helped me out and implemented part of my calendar interface wishlist in the vCalendar plugin. As a result, one-way syncs of calendar events from Claws Mail to OpenSync counterparts are possible.
As a proof of concept, let's use a Claws Mail / EDS sync group to show upcomming calendar events in the GNOME clock:
It's far from being complete (and even farther from being usable), but it's an encouraging progress.
Hosting moved to github. There's one repository for the OpenSync plugin for Claws Mail, and another repository for the Claws Mail plugin for OpenSync. You'll need both if you want to try this out. Also, the plugin for OpenSync requires a pretty recent (probably svn) version of OpenSync up and running.
Since the Claws Mail ClamAV™ plugin was dropped there have been several comments made in several places; Naturally enough, people have been confused over the incompatibilities of GPLv3 and GPLv2 — some thought it would be possible to simply release the ClamAV™ plugin under GPLv2, (it's not), some imagined that we were trying to instigate a holy war, (we're not), some thought it could easily be solved by changing the way and place the plugin is executed, (it can't), some surmised that it would be better if GPLv2 and GPLv3 were compatible, (if they were then GPLv3 would be redundant), some thought we were too hasty in changing Claws Mail to GPLv3+, (that's a matter of opinion), some think anti-virus at the user-level is useless on Linux anyway, (they've got a point), and others criticized us for not discovering that libclamav was GPLv2-only in the run-up to Claws Mail changing to GPLV3+, (hmmm!).
Now, a quick recap on what I'm talking about:
Claws Mail upgraded its license from "GPLv2 or later" to "GPLv3 or later".
The Claws Mail team were alerted to the licensing problem, (a GPLv3+ app cannot link to a GPLv2-only library), by Debian Bug Report 462963.
The Claws Mail team implemented what they thought was a possible solution: Making the ClamAV™ plugin a standalone plugin instead of it being part of the main Claws Mail package and downgrading the plugin's license to GPLv2+, (at the agreement of all the authors of the new code that has been added since the change to GPLv3+, which was just Colin).
In the meantime the Claws Mail team sought confirmation of their solution from the Software Freedom Law Center and were informed that the proposed solution was not legally distributable.
The Claws Mail team dropped the ClamAV™ plugin.
Some interesting points to note: When the ClamAV™ plugin was first released, libclamav was released under a 'GPLv2 or later' license. The 'or later' clause was first dropped in ClamAV™ version 0.91rc1, (libclamav version 2:4:0), which was released on the 30th May 2007. On the 17th August 2007 it was announced that SourceFire® had acquired ClamAV™. One can clearly see that there could be a connection here, and imagine that discussions between the ClamAV™ developers and SourceFire® had been taking place. Then one may recall that Snort®, the network intrusion detection system, was also acquired by SourceFire® and it also downgraded its license to GPLv2-only — and not without some controversy; for example, see this post, Snort license changes revisited, on the Inliniac blog.
In my opinion, a license change is an important thing, particularly a downgrade in the licensing of a library, which could impact on several other projects. But, when looking at the NEWS and README files of ClamAV™ version 0.91rc1 there is nothing to be found about the license change, which seems a little strange. Even stranger is that the ChangeLog doesn't mention it either! That's a bizarre oversight by whoever writes those files.
Downgrade Claws Mail? Are you crazy?
A few Claws Mail users, having upgraded without taking the time to read the release notes, and suddenly finding themselves without a ClamAV™ plugin, and panicking, (well, possibly panicking), have asked how to downgrade Claws Mail so that they can get the plugin back.
It is possible to call clamscan, clamd, or clamdscan using Filtering or Actions as an alternative, for example:
None of these methods are as quick as the plugin however.
The best solution, it seems to me, would be for these users to keep a copy of the ClamAV™ plugin and build it themselves — as long as they do not distribute their copy of the source code they would be within the bounds of the law, as the problem here is only the distribution of source code under incompatible licenses, not in personal use.
Here is a copy of the ClamAV™ plugin source code which has been patched so that it will only build with libclamav version 2:3:0 or earlier, that is, the last version of libclamav to be released with a 'GPLv2 or later' license, making it legal to distribute. There is nothing stopping you from taking this code and patching your own local copy so that the restriction is lifted, the only caveat is that you must not distribute your locally patched copy.
You could use a patch like this and then run ./autogen.sh:
.
Run and see the train just in front of you while several stairs are still missing…
