The Musings of Chris Samuel

In an interesting blog on patents, copying and litigation former Sun CEO Jonathan Schwartz discloses that Bill Gates and Steve Balmer tried to put the frighteners on Sun over OpenOffice.org to try and protect their office application monopoly. Their attack went like this:

“Microsoft owns the office productivity market, and our patents read all over OpenOffice.” [...] “We’re happy to get you under license.”

Of course (as ever) they do not identify any patents, as that would let us fix any problems (if there are actually any), they would much rather weave their usual web of FUD on the matter than come clean. Jonathan’s response turned the issue on them on a different tact:

“We’ve looked at .NET, and you’re trampling all over a huge number of Java patents. So what will you pay us for every copy of Windows?”

That killed that angle of attack off..

I’ve just spent a bit of time fixing up a fairly simple bug that was preventing Rich Boakes’s “Worst Offenders” plugin¹ from working in current WordPress versions (basically it was assuming it had created a submenu somewhere it wasn’t) and merged my branch back into trunk to check the content of comments for a list of bad words. No release yet, this is just in trunk, but if you are feeling adventurous you can go into your WordPress’s wp-content/plugins directory and do:

svn co http://plugins.svn.wordpress.org/worst-offenders/trunk/ worst-offenders

Of course make sure you’ve nuked any earlier version of Worst Offenders first!

1. This plugin classifies your Akismet spam queue by various criteria to let you do bulk deletes for comments matching various criteria [back]

This is a great shame, though probably not that surprising these days, but the UK Joint Academic Network (JANET) is going to pull its Usenet News service on the 31st July 2010. Basically I suspect the ever declining SNR has put people off, and these days everyone knows the web and the closest they get to knowing what Usenet is (or maybe was) Google Groups. JANET says:

There are now few active registered News Feed users and News Read users and the current infrastructure is nearing its end of life. JANET(UK) have therefore decided that it is no longer economically viable to run the service, especially in the current financial climate. We therefore will cease to offer the service when the existing contract expires on July 31st 2010.

Especially sad for me as I cut part of my first real sysadmin job at the University of Wales, Aberystwyth, was working on the Usenet news system that had been set up originally by Alec Muffett and I was for quite a while the maintainer of the UK.telecom newsgroup FAQ and the alt.config guidelines.

Update: I’ve been digging through some old email – here’s one from 4th August 1993 giving an idea of what we had to struggle with:

OK, I deleted all binaries under alt.binaries, all of junk and all of control. That, coupled with the AEM_TIDY got us about 27 meg back. I then ran a doexpire, whch took a long while but we’re now up to about 53 Meg free, or about 85% of the 400 Meg partition.

Yup, the entire university news spool at that time was a whopping great 400MB. We were using nntplink with CNews for the time (this was before we knew about INN).

Taken the plunge and upgraded from Wordpress 2.8.6 to 2.9.1, so if you’re seeing issues with the site leave a comment here, or if that doesn’t work catch me on Twitter.

Update: removed the link to the SpamAssassin announcement as the link isn’t permanent!

In case you’ve not noticed – SpamAssassin had a nasty Y2K10 bug which had been fixed months ago but the fix never got pushed out into a release or updates.

Those of you using SpamAssassin to filter your mail may want to watch things a bit more closely than usual; it seems that current versions still include the rule known as FH_DATE_PAST_20XX, which adds 2-3 points to any message with a 2010 date in the headers. Surprisingly enough, such dates have suddenly become common, with the result that SpamAssassin may be generating more false positives than usual.

The fix is now included in the updates pushed out by sa-update, run it with -D to get debug output and check you’ve picked up 895075 or later. You’ll see it say:

[4096] dbg: dns: 5.2.3.updates.spamassassin.org => 895075, parsed as 895075

If you’re running Zimbra then you’ll need to fix this manually, in the VPAC install (5.0.x) I changed a line in /opt/zimbra/conf/spamassassin/72_active.cf from:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]

to:

header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]

The other alternative is to set the score of the rule to 0 in your local.cf file:

score FH_DATE_PAST_20XX 0.0

Then go hunting for legitimate email in your spam folder (I’m lucky enough that none got picked up).

This just in from Ben Lawrie:

For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end.

But wait, there’s more..

To make matters even worse, through a piece of (in retrospect) incredibly bad design, HTTP servers will, under some circumstances, replay that arbitrary prefix in a new authentication context. For example, this is what happens if you configure Apache to require client certificates for one directory but not another. Once it emerges that your request is for a protected directory, a renegotiation will occur to obtain the appropriate client certificate, and then the original request (i.e. the stuff from the bad guy) gets replayed as if it had been authenticated by the client certificate. But it hasn’t.

Ben has a patch against the current development head of OpenSSL to ban renegotiation, but for most people it’ll need backporting to their current OpenSSL versions..

In a posting to the Open-MPI development list Jeff Squyres has requested feedback from Fortran MPI developers on proposed changes to the bindings of MPI functions in MPI-3. He writes:

In the MPI-3 Forum, we’re working on revamping the Fortran bindings to be “better” (for a variety of definitions of “better”). There’s at least one question that we really need some feedback from the MPI Fortran developer community before proceeding. Craig Rasmussen from Los Alamos National Laboratory, chair of the MPI-3 Fortran Working Group, asked me to post a “request for information” to my blog and pass on the URL to every Fortran MPI programmer that I know

The URL of Jeff’s blog is http://blogs.cisco.com/ciscotalk/performance/comments/mpi-3_fortran_community_feedback_needed/. Please pass this on if you do know other Fortran MPI developers.

Wordpress 2.8.5 has just been released:

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.

It includes a fix for a trackback DoS attack that’s apparently going on at the moment. I’ve updated the 3 blogs I look after with a quick svn switch http://svn.automattic.com/wordpress/tags/2.8.5.

Wow, this is pretty impressive, there is a WIP port of Q3A to the Nokia N900 using the accelerometers to control movement and there are some videos up to see using the TV-out on the phone:

Someone even video’d a multi-player demo at the Maemo summit..

It’s not publicly available (for the moment at least) from what I can tell, a comment on YouTube says:

Currently not (“yet” I’d guess) – but remember that this is just a work in progress / feasability study – this is only a developer version that got distributed over the weekend during the Maemo Summit 2009 in Amsterdam.

Still, looks fun!

Update: the document linked to below has either been removed or moved on the Nokia site, the link has gone 404.

OK, so I spotted that the PDF manual for the Nokia N900 was online and so I grabbed a copy of it to read through. Of course, like all user manuals, it talks about lots of bits and pieces but doesn’t go into the technical details for some decisions, so as a result I’m puzzling over a couple of points. They are:

1. Can you charge the phone whilst it is off ? Might sound like a silly question but the Neo Freerunner has to be on to charge.
2. Is the Offline mode the N900’s version of Flight Mode or Airplane Mode ? The manual says that you can’t make or receive calls, no wifi, etc. But it goes on to say that “Calls may still be possible to the official emergency number programmed into your device”. I’m guessing that means that if you try that it’ll power up the GSM modem for that call, but it’s just a guess. (Page 33)
3. Why can’t the A-GPS service use Wifi ? The manual says that only “a packet data Internet access point can be used.”. (Page 77)
4. Whilst saying that most updates can be installed using the N900 itself the manual also says that “an update using the Nokia Software Updater may sometimes be necessary”. This is Windows only software – any chance of a Linux version, or can something like dfu-util be used instead ? (Page 85)
5. Does the N900 automatic time update use NTP, GPS or the GSM time information some carriers provide (or some combination) ? (Page 97)

If you’ve any ideas or inside knowledge on any of those points I’d love to know!