Ah, I get it. My website needs more warez on it to be reputable. And this people, is why Web of Trust models don’t equate to website trust. Here’s a tip, it has to do with internet vigilantes being morons.
Archive for April, 2010
hmmm….
Tuesday, April 27th, 2010Red Hat Enterprise Linux 6 Beta
Thursday, April 22nd, 2010Holy shit, they actually shipped the damned thing.
Also, has anyone else noticed that CentOS is still on 5.4, while RHEL 5.5 has been out for a month now? Is that project dead or something?
getdeb
Thursday, April 15th, 2010I have decided to do a random audit of the getdeb service. GetDeb is a service which provides updated packages and other packages not distributed by Ubuntu, here are my initial conclusions.
getdeb-repository itself, is a badly packaged package which fails to conform to Debian/Ubuntu policy:
- The package depends on wget and lsb-release, which are part of the Ubuntu base system;
- The package belongs to the utils section, which is inappropriate, as getdeb is not a utility;
- The control description begins with a capital letter;
- The control long description is only one sentence long;
- debian/postinst invokes wget to download the repository GPG key when it should just ship it as part of the package (meaning that it is not piuparts clean in a non-networked environment)
- debian/postinst blindly invokes sudo, even though the package manager always runs with root access – this will break if sudo is configured to prompt for password even on uid=0, or with SELinux
- debian/postrm blindly calls rm on a configuration file; this should be left up to dpkg to do.
- debian/copyright says the package is under GPLv3, but there is no data in the package that could be placed under such a license
- debian/changelog specifies the package is specifically for karmic, if it’s a generic distribution target it should be set to unstable (update: apparently this is OK in Ubuntu, but it would never fly in Debian)
getdeb packages are not dist-upgrade clean
The packages that getdeb installs do not pass dist-upgrade because they apply arbitrary modifications to the packaging which is not necessarily applied upstream. As an example, look at this bug against audacious in Ubuntu, which results in QA problems when people upgrade to the next version. Admittedly, this is more related to design problems in dpkg, but I submit that the packages created by GetDeb should not stray from upstream’s packaging structure.
To avoid this problem, the GetDeb team advises that you remove all GetDeb packages from your system before upgrading; however they do not provide any mechanism for doing so easily.
getdeb packages include upstream changelogs
Debian packages should never include the upstream changelog, but instead a summarized version which lists key problems solved in the new package (with links to appropriate distribution/vendor bugs).
getdeb packages do not appropriately set Origin: in the control file
Debian packages provided by getdeb do not appropriately use the XSBC-Origin field to embed vendor information in their third-party packages. This makes it harder to identify getdeb packages on a system, as the version tag is not reliable enough.
If I am wrong about any of this, I will be happy to correct the above. However, given these initial conclusions I think it is appropriate to not use GetDeb, and instead use the official Ubuntu backports distribution and properly vetted repositories like Medibuntu, especially given the fact that there is no mechanism to report problems in the software downloaded from GetDeb.
average myspace users…
Wednesday, April 14th, 2010
I think I know why MySpace is irrelevant now, unless I’m missing something.
Also, why the hell does Newegg have a MySpace account? Seriously. At least it’s not friendster.
Also, whoever named this person Bricenel must hate their children.
Stuff like this really leaves me concerned about the state of social networking in the progress of human evolution. Unfortunately, I think it’s definitely causing devolution of the English language. I haven’t really seen anything like this on Facebook yet though. But it’s a matter of time I bet…
Wow, blog spamming is pretty bad
Tuesday, April 13th, 2010Out of the 348 comments I have had in the last 90 days, 341 of them were rejected as spam. Sheesh.
internet promotion is dead
Tuesday, April 13th, 2010Anyone who tells you that internet marketing is relevant is totally full of shit. Depending on what product sector you’re marketing for, music, information technology, whatever, it does not really matter. No, really, lets look at this:
- MySpace Music, for example, is a place where 1,000,000 horrible bands are shouting at each other every day.
- Web Hosting Talk and DigitalPoint are two forums filled with shouting braindead idiots who can’t really demonstrate why people should go with their services (other than playing a pricing war, which is utterly inane).
- Blogs like Kotaku are the least ridiculous place for the gaming industry to push their games, but it’s still pretty crappy, and bloggers only cover things they actually think are cool.
- Facebook is rather noisy as well, and suffers on a general scale in the same ways that MySpace, Web Hosting Talk and DigitalPoint have problems.
Or, look at it this way: why bother to make a posting on a site where all of your competitors are already established? On a local level, it may make sense, but it certainly does not on a global or national level.
A recent New York Times article had this to say on the decline of the music industry:
A study last year conducted by members of PRS for Music, a nonprofit royalty collection agency, found that of the 13 million songs for sale online last year, 10 million never got a single buyer and 80 percent of all revenue came from about 52,000 songs. That’s less than one percent of the songs.
Yes, that’s right. Less than 25% of songs produced in the last year sold a single copy… then again, most songs out there are not very good. Being forefront to the release of my father’s solo CD, I can definitely say that internet marketing hasn’t delivered much sales (unfortunately, I don’t wish to publish that sales data at this time). But if you’re still doubting, look at the IT hosting industry, where the people with the crappiest products tend to attain the most success. I blame this on the echo chamber that is Web Hosting Talk.
Actually, the IT hosting industry is worse, because when companies fail due to mismanagement, instead of falling flat on their face, they get acquired for their customer base. While this is a good thing for the customers, it provides no motivation to do a proper job of managing a company, because you can just get a whole bunch of customers, spend all the money they give you on cocaine and hookers, and then sell out to a larger company, which happens all the time. I wish I were kidding.
At least in the IT hosting industry and in the record business, the only real way to gain customers that matter, is through word of mouth. However, many companies in both of those industries try to squelch out the very thing that is an effective marketing tool.
Because internet promotion is like shouting into the darkness, it’s become a dead thing now. Many people don’t bother to do it that way.
iPhone to still not allow unsigned code execution
Friday, April 9th, 2010When asked about whether or not the iPhone would allow execution of unsigned apps, like, you know, every other smartphone out there, Steve Jobs had this extremely amusing thing to say:
“You know, there’s a porn store for Android. Anyone can download them. You can, your kids can. That’s just not a place we want to go.”
Two points: firstly, for someone who claims to be adamantly against DRM, Apple sure loves locking down it’s devices. Secondly, I’m not sure if Steve is aware, but you can browse porn sites in the iPhone’s browser. Infact, I’d be willing to bet that the iPad would be an excellent porn viewer… oh right, no Flash, that’s right.
I also love how Steve completely avoids the question. Then again, Apple is an extremely developer-hostile company, with no real good reason to be that way, which is disappointing. But hey, at least the iSheep now have multitasking. On the other hand, the GSheep have had that since day 1.
It would behoove me to say that the world would be much better off if Nokia grew a pair and started pushing the N900 aggressively. Unfortunately, I don’t see it happening.
Sony to “ban PS3 users with custom firmware” from PSN
Thursday, April 8th, 2010This whole thing is just becoming Kafkaesque. Why does Sony hate freedom so much?
By the way, in case you didn’t notice, there’s several CFW projects out now. But watch out, you could get banned from PSN. So being able to fool PSN’s anti-cheat platform will pose a serious challenge to firmware modders.
A way that this could be defeated is by modifying the PSN code itself to return the correct responses during the monitoring process.
It would behoove me to say that Sony would not be having this problem if they just left things alone.
Twitter