Red Hat Enterprise Linux 6 Beta

April 22nd, 2010

Holy shit, they actually shipped the damned thing.

Also, has anyone else noticed that CentOS is still on 5.4, while RHEL 5.5 has been out for a month now?  Is that project dead or something?

getdeb

April 15th, 2010

I have decided to do a random audit of the getdeb service.  GetDeb is a service which provides updated packages and other packages not distributed by Ubuntu.  Here are my initial conclusions.

getdeb-repository itself is a badly packaged package which fails to conform to Debian/Ubuntu policy:

  • The package depends on wget and lsb-release, which are part of the Ubuntu base system;
  • The package belongs to the utils section, which is inappropriate, as getdeb is not a utility;
  • The control description begins with a capital letter;
  • The control long description is only one sentence long;
  • debian/postinst invokes wget to download the repository GPG key when it should just ship it as part of the package (meaning that it is not piuparts clean in a non-networked environment);
  • debian/postinst blindly invokes sudo, even though the package manager always runs with root access – this will break if sudo is configured to prompt for password even on uid=0, or with SELinux;
  • debian/postrm blindly calls rm on a configuration file; this should be left up to dpkg to do;
  • debian/copyright says the package is under GPLv3, but there is no data in the package that could be placed under such a license;
  • debian/changelog specifies the package is specifically for karmic, if it’s a generic distribution target it should be set to unstable (update: apparently this is OK in Ubuntu, but it would never fly in Debian).
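
The maintainer-script items in the list above (network fetch in postinst, sudo, rm on a file under /etc in postrm) can be checked mechanically. This is an added example, not code from GetDeb, lintian or piuparts; the regexes are this example's own heuristics, and the sample scripts are constructed from the audit's description rather than copied from the real package.

```python
import re

# (rule id, scripts it applies to or None for all, pattern, message).
# Heuristics written for this example only.
RULES = [
    ("network-fetch", ("preinst", "postinst"), re.compile(r"\b(?:wget|curl)\b"),
     "downloads at install time; ship the file inside the package instead"),
    ("sudo", None, re.compile(r"\bsudo\b"),
     "maintainer scripts already run as root"),
    ("rm-conffile", ("prerm", "postrm"), re.compile(r"\brm\b[^;|&]*\s/etc/\S+"),
     "removes a file under /etc; leave conffile removal to dpkg"),
]

def lint(script_name, text):
    """Return (line_no, rule_id, message) for each finding in one maintainer script."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # skip blank lines, comments and the shebang
        for rule_id, scripts, pattern, msg in RULES:
            if scripts is not None and script_name not in scripts:
                continue
            if pattern.search(code):
                findings.append((no, rule_id, msg))
    return findings

# Constructed samples modelled on the audit's description (hypothetical URL and paths).
SAMPLE_POSTINST = """#!/bin/sh
set -e
# fetch the archive key
wget -q -O- http://repo.example/key.asc | sudo apt-key add -
"""
SAMPLE_POSTRM = """#!/bin/sh
set -e
rm -f /etc/apt/sources.list.d/example.list
"""

if __name__ == "__main__":
    for name, body in (("postinst", SAMPLE_POSTINST), ("postrm", SAMPLE_POSTRM)):
        for no, rule_id, msg in lint(name, body):
            print(f"{name}:{no}: {rule_id}: {msg}")
```
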

getdeb packages are not dist-upgrade clean

The packages that getdeb installs do not pass dist-upgrade because they apply arbitrary modifications to the packaging that are not necessarily applied upstream.  As an example, look at this bug against audacious in Ubuntu, which results in QA problems when people upgrade to the next version.  Admittedly, this is more related to design problems in dpkg, but I submit that the packages created by GetDeb should not stray from upstream’s packaging structure.

To avoid this problem, the GetDeb team advises that you remove all GetDeb packages from your system before upgrading; however, they do not provide any mechanism for doing so easily.

getdeb packages include upstream changelogs

Debian packages should never include the upstream changelog, but instead a summarized version which lists key problems solved in the new package (with links to appropriate distribution/vendor bugs).

getdeb packages do not appropriately set Origin: in the control file

Debian packages provided by getdeb do not appropriately use the XSBC-Origin field to embed vendor information in their third-party packages.  This makes it harder to identify getdeb packages on a system, as the version tag is not reliable enough.
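
To show what a set Origin field buys you, the sketch below groups installed packages by Origin from dpkg status-format text; it is an added example, not part of the original post or of any GetDeb tooling. The sample stanzas, package names, versions and the `examplevendor` origin are all constructed. Note how the vendor package that lacks the field lands in the same bucket as the distribution's own package.

```python
def parse_status(text):
    """Parse dpkg status-style (deb822) text into a list of {field: value} dicts."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():               # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t":             # continuation of the previous field
            if last is not None:
                current[last] += "\n" + line.strip()
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()    # field names are case-insensitive
            current[last] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def installed_by_origin(stanzas):
    """Map Origin (None when the field is absent) to sorted installed package names."""
    groups = {}
    for s in stanzas:
        if s.get("status") != "install ok installed":
            continue                       # skip removed or half-configured entries
        groups.setdefault(s.get("origin"), []).append(s["package"])
    return {origin: sorted(names) for origin, names in groups.items()}

# Constructed sample; every package name, version and the "examplevendor" origin is made up.
SAMPLE_STATUS = """\
Package: basetool
Status: install ok installed
Version: 7.4-2

Package: mediaplayer
Status: install ok installed
Version: 2.3-1~vendor1
Origin: examplevendor

Package: photoeditor
Status: install ok installed
Version: 1.0-1~vendor1

Package: oldgame
Status: deinstall ok config-files
Origin: examplevendor
"""

if __name__ == "__main__":
    print(installed_by_origin(parse_status(SAMPLE_STATUS)))
```
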

If I am wrong about any of this, I will be happy to correct the above.  However, given these initial conclusions I think it is appropriate to not use GetDeb, and instead use the official Ubuntu backports distribution and properly vetted repositories like Medibuntu, especially given the fact that there is no mechanism to report problems in the software downloaded from GetDeb.

average myspace users…

April 14th, 2010

I think I know why MySpace is irrelevant now, unless I’m missing something.

Also, why the hell does Newegg have a MySpace account?  Seriously.  At least it’s not friendster.

Also, whoever named this person Bricenel must hate their children.

Stuff like this really leaves me concerned about the state of social networking in the progress of human evolution.  Unfortunately, I think it’s definitely causing devolution of the English language.  I haven’t really seen anything like this on Facebook yet though.  But it’s a matter of time I bet…

Previously…

Wow, blog spamming is pretty bad

April 13th, 2010

Out of the 348 comments I have had in the last 90 days, 341 of them were rejected as spam. Sheesh.

internet promotion is dead

April 13th, 2010

Anyone who tells you that internet marketing is relevant is totally full of shit.  Depending on what product sector you’re marketing for, music, information technology, whatever, it does not really matter.  No, really, let’s look at this:

  • MySpace Music, for example, is a place where 1,000,000 horrible bands are shouting at each other every day.
  • Web Hosting Talk and DigitalPoint are two forums filled with shouting braindead idiots who can’t really demonstrate why people should go with their services (other than playing a pricing war, which is utterly inane).
  • Blogs like Kotaku are the least ridiculous place for the gaming industry to push their games, but it’s still pretty crappy, and bloggers only cover things they actually think are cool.
  • Facebook is rather noisy as well, and suffers on a general scale in the same ways that MySpace, Web Hosting Talk and DigitalPoint have problems.

Or, look at it this way: why bother to make a posting on a site where all of your competitors are already established?  On a local level, it may make sense, but it certainly does not on a global or national level.

A recent New York Times article had this to say on the decline of the music industry:

A study last year conducted by members of PRS for Music, a nonprofit royalty collection agency, found that of the 13 million songs for sale online last year, 10 million never got a single buyer and 80 percent of all revenue came from about 52,000 songs. That’s less than one percent of the songs.

Yes, that’s right.  Less than 25% of songs produced in the last year sold a single copy… then again, most songs out there are not very good.  Being at the forefront of the release of my father’s solo CD, I can definitely say that internet marketing hasn’t delivered many sales (unfortunately, I don’t wish to publish that sales data at this time).  But if you’re still doubting, look at the IT hosting industry, where the people with the crappiest products tend to attain the most success.  I blame this on the echo chamber that is Web Hosting Talk.

Actually, the IT hosting industry is worse, because when companies fail due to mismanagement, instead of falling flat on their face, they get acquired for their customer base.  While this is a good thing for the customers, it provides no motivation to do a proper job of managing a company, because you can just get a whole bunch of customers, spend all the money they give you on cocaine and hookers, and then sell out to a larger company, which happens all the time.  I wish I were kidding.

At least in the IT hosting industry and in the record business, the only real way to gain customers that matter is through word of mouth.  However, many companies in both of those industries try to squelch out the very thing that is an effective marketing tool.

Because internet promotion is like shouting into the darkness, it’s become a dead thing now.  Many people don’t bother to do it that way.

iPhone to still not allow unsigned code execution

April 9th, 2010

When asked about whether or not the iPhone would allow execution of unsigned apps, like, you know, every other smartphone out there, Steve Jobs had this extremely amusing thing to say:

“You know, there’s a porn store for Android. Anyone can download them. You can, your kids can. That’s just not a place we want to go.”

Two points: firstly, for someone who claims to be adamantly against DRM, Apple sure loves locking down its devices.  Secondly, I’m not sure if Steve is aware, but you can browse porn sites in the iPhone’s browser.  In fact, I’d be willing to bet that the iPad would be an excellent porn viewer… oh right, no Flash, that’s right.

I also love how Steve completely avoids the question.  Then again, Apple is an extremely developer-hostile company, with no real good reason to be that way, which is disappointing.  But hey, at least the iSheep now have multitasking.  On the other hand, the GSheep have had that since day 1.

It would behoove me to say that the world would be much better off if Nokia grew a pair and started pushing the N900 aggressively.  Unfortunately, I don’t see it happening.

Sony to “ban PS3 users with custom firmware” from PSN

April 8th, 2010

This whole thing is just becoming Kafkaesque.  Why does Sony hate freedom so much?

By the way, in case you didn’t notice, there are several CFW projects out now.  But watch out, you could get banned from PSN.  So being able to fool PSN’s anti-cheat platform will pose a serious challenge to firmware modders.

A way that this could be defeated is by modifying the PSN code itself to return the correct responses during the monitoring process.

It would behoove me to say that Sony would not be having this problem if they just left things alone.

dude, i got a dell (actually, several of them)

March 31st, 2010

If you failed to notice, my site is probably loading much faster now. I’ve recently bought several Dell PowerEdge servers and bought one for personal use… seeing as the old box was 4 years old and already blew several drives and a PSU (and in fact, only had one PSU), it seemed like a good idea to phase it out.

In other news, it takes a long time to copy a 20GB virtual machine image from a degraded RAID-5 array…

As an update to the previous post, well, MSKs tend to get leaked earlier than expected. There are already a couple of custom firmware payloads for the PS3 that are signed and working using the leaked MSK, allowing the loading and execution of unsigned code. Note that I don’t condone piracy so I’m not going to open the Pandora’s box of linking to those firmwares. They exist, you know how to use a search engine, but stealing people’s work sucks.

As an aside, I would like to point out that security models built on trust only work when you don’t consistently remove features during your product’s lifecycle.  If you remove features during a product’s lifecycle, then there becomes motivation for people to break the security model.  The only reason why people didn’t break the PS3’s security model earlier is because the Other OS feature allowed execution of “homebrewed” games and demos.

Sony “Software Assurance Signing Keys” to be released April 1

March 29th, 2010

Since Sony is an enemy of freedom now, it’s time to release the hypervisor security keys.  Since Sony cannot change these as they are burned into the IPL ROM which starts the supervisor SPE up, PS3 security is about to be non-existent.  Can we say custom firmware?  We sure can.

I can’t wait for the DMCA on this.

conspire is dead; long live conspire (or is it?)

March 26th, 2010

As many of you already know, I have been experimenting with quassel for the last couple of months.  Quassel is a very decent client, but it’s simply not for me.  As a result, I’ve been thinking about the future of Conspire.  Here is what I have decided:

Work will begin immediately on Conspire 2.0

Conspire 2.0 will be built on top of the latest additions to the atheme platform, such as mowgli.coroutine and libneco.  These additions will allow us to increase our stability and reliability without having to worry about implementation details in the client.  However, mowgli.coroutine has not been mainlined yet, so this will be a couple of weeks out.

Usage of mowgli.coroutine and libneco is already planned for the next atheme-services release to improve robustness and performance of that software.

Modularity

Conspire 2.0 will be reworked to place the RFC1459+extensions/IRC3 protocols in the plugins space, so that other plugins may be implemented, such as a libpurple interface.  This allows the conspire user to manage all of his chat activities from a single application with a consistent interface.

This will be achieved through ensuring that everything in the core is cleanly hooked, and then moving most of the core into the plugin space.  In addition, many parts of the core will be replaced with code from atheme-services, including the xchat IRC line parser.

DCC Support

DCC support will likely be dropped.  DCC is a horribly designed protocol plagued with many security problems.  This will also allow us to drop our UPnP code.  Users should use services like Omploader and Rapidshare if they wish to share files over IRC.

Support for IRC 3.1 client profile features

Support for IRC 3.1 client profile features like RENAME will be added.  This will ensure that Conspire remains at the leading edge of IRC protocol development.