Older blog entries for hacker (starting at number 133)

Almost Everything I Own Was Destroyed

    Safely made it to the East coast, my belongings didn't.

    60% of my belongings shipped ahead with movers were completely damaged, smashed, and crushed. Huge loss. Computer desk completely trashed. Metal hardware was torn right out of the wood itself in dozens of places. Dishes, cups, appliances.. destroyed.

    The only thing not destroyed were my boxes of books. I can only assume that was because the movers couldn't read. Fragile boxes clearly marked as such, with 'This Side UP!' on them were at the bottom of piles of boxes, upside-down, crushed.

    I'm baffled at the amount of damage. When I drove myself from CT to CA in a U-Haul, I didn't even use moving blankets or pack things in foam and newspaper. Not a single item was broken. This time, I made sure to pack everthing very carefully in foam, paper, and with moving blankets. Everything that could have been broken, was.

    Erika thinks this was intentional. This clearly looks maliscious. There's no way they could "accidentally" break every piece of furniture, appliance, dish, cup, and obliterate that 512lb computer desk.

    I'm starting at the beginning again.

    Very angry, very upset.

More on this later, photo-documentary of damages to follow.

5 Feb 2002 (updated 6 Feb 2002 at 06:42 UTC) »
Bluefish Responds
    We have been "warned" by Bluefish not to contact their customers and ask for the sources for their version of an application based on our Plucker source code, covered under the GPL. The response from them was to advise us to:
    "...get legal advice from a US attorney before making any more statements to any of our customers or potential customers..."

    That sounds like fear to me.

    I will be emailing Eben at the FSF in the morning with a full rundown of everything said and done to date, at Tridge's suggestion.

    They have had the sources requested from them by myself on the telephone, and in several emails from community members (incuding myself), and they have refused to provide those sources, both verbally, and in written requests. They also contend that since their use of Plucker is part of a larger "education vertical", and that their customers have nothing to do with the licensing of the "Bluefish solution". I contend that they do have everything to do with it, based on Section 6 of the GPL, which states:

    6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
    By not providing the sources to their customers and partners, they are imposing more restrictions, and further, by not alerting their customers as to the licensing involved with the "Bluefish solution" (which uses Plucker, a fully GPL'd application), they are hiding the fact that it is using GPL'd code, which they have not followed the license to according to the terms of that license, including re-distribution.
"The Big Move(tm) 2"
    Well, it seems that 95% of my stuff was handled by the movers, the remaining 10 boxes had to be shipped via UPS. Very Expensive.

    I'm crashing at Rasmus' house during the few days of transition before I fly out to handle the relocation of my truck.

    23 months ago, I made this move... in reverse, except I drove West. It's too grueling to return the same way, so I opted for this route. Too much lingers in both places.

Bluefish GPL Violation

    The move against Bluefish and their GPL violation seems to be gaining steam. Many people have replied to me about my original post. The email goes out later today. Mercury Guide will not be allowed to distribute their modified version of Plucker at the Olympics, nor distribute their IrDA kiosks around Salt Lake City to beam the application to Palm users unless they comply with the proper licensing.

    I urge those who are interested in the cause to email James, the CEO, and ask for the source code to their application, which is directly referenced to be based on GPL code (Plucker). Give him a call, email him, fax them, do not let this drop. Phone their San Francisco office (415-775-3697), or give them a Fax with your comments (be professional, 509-561-7934)

    If you call or email, PLEASE take care to be professional, courteous, non-threatening, and quote the relevant parts of the the licensing you reference. We do not want to come across as miscreants or as spamming their mailbox.

    Maybe after the letters Mike and I send today, they will comply. Then again, maybe not, there's a lot of their own money riding on the success of this application, I think. This is a serious matter.

    Feel free to cross-post this diary entry to your favorite discussion forums and lists.

Things with Wings

  • Palmsource (2/5-2/8, San Jose, contingent on a pending T23 in NYC)
  • Flying East (within the week if all goes well, to my new home)
  • Flying West (3/4-3/5, speaking about PDAs and Linux
  • Flying East, then South (3/21-4/1, way south, where the sun touches the water) in Berkeley)
  • Flying East (to once again, begin anew)
All within the next 50 days.

The Other Stuff

    Sleep is still erratic, tinnitus still as loud, back still as tight. Add them all to the pile of hereditary and accident related trauma. There's an impending pilot-link release waiting in the wings too. Need to get situated, get connected, and hunker down and code. CODE!
The Microsoft Delusion

    BBC employees are to be banned from connecting their PDAs to the BBC's computers unless they run on the Microsoft Windows PocketPC 2002 platform.

    An internal email from the company's technology division stated all PDA platforms other than PocketPC are insecure - which will prevent anybody operating a Palm or Psion handheld device from using their PDA at work.

    The email said reasons of security and unusually, the "exposure to users of health and safety risks" left the company with no other choice but the PocketPC platform.

    A spokeswoman for the BBC said: "The BBC has to have some kind of say if people are going to be downloading things from our computers and taking them home."

    "We believe PocketPC includes all functionality and is one the most secure platforms available."

    [my emphasis]

    Employees have until summer 2003 to change their PDAs or refrain from porting them to BBC computers.

I hope BBC was paid well by Microsoft to make that public announcement. I haven't seen any major flaws or breaches where a Palm or Psion handheld PDA was used in some insecure fashion to exploit, steal, or "hack" into any corporate networks... at least none which cannot also be done with a PocketPC.

Microsoft, OTOH, has had at least 3 security advisories per month for the past 4 years, sometimes more.


  • Movers arrive tomorrow. Still have to disassemble this desk! More packing remains.
  • Liquid polyurethane foam isn't the best way to pack monitors. Time for Plan B.
  • Truck must be relocated soon also, or donated.
  • pilot-link will have to be released when I'm on the "other side".
  • Am I attending Palmsource in two weeks?
  • Cox Cable better live up to their bandwidth promises.
  • Server relocation must happen promptly.
24 Jan 2002 (updated 24 Jan 2002 at 10:49 UTC) »
Zurk, how noble of you to certify yourself directly as Master, without even a single project under your guidance. Perhaps you might want to take a look at the Certification Overview and think of a value which suits your personal contributions. Your Sourceforge entry doesn't seem to contain much. Your homepage seems to be down. I did find your ZDoc homepage though. Perhaps you should add your project to the Advogato project page.

You complain that you lost your certification, and that you can't post. Perhaps you need to contribute to some community projects or Free Software work. You are judged by your peers here, by your contributions, not by your "friends".

You aren't "owed" certifications, you earn them. Just a thought...


  • belated Christmas shopping
  • friends from the past
  • pilot-link hackery
  • packing everything into boxes
  • power outages
  • voratious hunger
  • unstable sleep pattern

SPAM Honeypot

    I just looked at the logs from my spam honeypot script running on my box, and there was one spam harvesting engine stuck in it tonight, and it had already hit it 25,813 times before I finally blocked it with iptables. Each new link it found, it spawned a new instance of itself and begain spidering the page again. This is purely evil.

    At over 200 unique fake email addresses per page, that's over 5,162,600 fake email addresses that my script successfully populated it's database with. Too nice.


    I had my power shut off today at 12:40pm, and I called PG&E to restore it at 2:30pm, the power flickered on for 1

    full second at 3:48pm and was off again. I called them again at 5:18pm and then again at 6:26pm. They told

    me power was restored. Uhm, no. They said they would dispatch another truck, but it could take up 8:00pm. I decided to just fix it myself. I went downstairs into the ahem "locked" Utility room and right next to my meter was a little PG&E post-it that said "Service Restored" and a tech's name. I opened the little metal flap over the breaker, and it was in the Off position. Gar!

    Why do I always have to deal with this ineptitude? Next time they cut my power, I'll just march back down there, ahem "open" the Utility room, and turn it back on.

Autoconf quote of the day:

"Using autoconf is like playing chess from 20 feet away by flicking a rope to move the pieces..." -mbp

It's Thu Jan 24 02:17:58 PST 2002 and I'm not even tired yet.

19 Jan 2002 (updated 6 Feb 2002 at 06:37 UTC) »

Update: Microsoft Security

    raph, I share the exact opposite view that you do, and I think that this could definately be a bad thing. I posted a quick comment on it a few days ago under that same Slashdot story you referenced in your recent diary entry.

Open Directory Project

    softkid, your Open Directory Project seems mighty similar to the DMOZ Open Directory Project. Why noit just join them as an editor. They have quite a big jump on you already. I have one of my own for Palm-related content (ala AvantGo), but the code driving it is not complete yet.

More GPL Violations

    A company based in San Francisco called Bluefish, has taken Plucker source code in full, and used it to create a product they sell (quite expensively). This isn't bad, but "their" application states clearly in the About box, that it is "Free Software" and covered under the GPL (as does the About box found in Plucker). They have removed all attributions and references to the original authors of the source code they are using, and replaced them with their own, which is very misleading. They have also taken custom artwork without permission, and used it on their application.

    Here's a quick screenshot comparison Bluefish versus Plucker:

    [main screen] from Bluefish's application (note the graphics on the toolbar)
    [main screen] from Plucker, note the graphcs again

    [preferences screen] from Bluefish's application
    [preferences screen] from Plucker

    [About screen] from Bluefish's application
    [About screen] from Plucker

    I called the CEO, James Fisher at the San Francisco office and politely made a verbal request for the source code to the application they provide in binary-only format on the Mercury News website.

    He politely told me no.

    I then said asked if he was aware that the application that they based their product on was covered under the GPL, and by not providing sources which created that binary that was already made available for download, he was in violation of the GPL, as detailed in Section 6, 7, and 10 (along with others) of the GNU General Public License, a license which Plucker is clearly covered under.

    The GPL FAQ also has two related questions on it:

    "I want to distribute an extended version of a GPL-covered program in binary form. Is it enough to distribute the source for the original version?"
    "I want to distribute binaries, but distributing complete source is inconvenient. How about if I give users the diffs from the current FSF version along with the binaries, and suggest they get the base source from the FSF?"

    He then said that he was not in violation, and suggested that I should "..go re-read the GPL, because we are not violating it..".

    I asked for his email address, so I could quote him the relevant sections of the GPL he was violating. I also mentioned that I was going to put a call into the FSF to get their clarification on the issue.

    Then he begins to tell me that he "might" release the sources, but that they were busy "debugging" them right now, and might release them when they was done. (The key word used there was "might", not "will")

    Sorry, no. If you release a binary which was based on GPL sources, you are required to release the full sourcecode, scripts, and other tools which created that binary (which were covered under the GPL), at the same time, not months or years later. Section 3 of the GPL is very clear on this.

    His assertion that they were "debugging" the application is invalid, as "debugged" sources will produce a different binary (whose source must also be made available upon request).

    If you can put the binary up for download, you can put the source code up for download as well (though this is not required, it can be mailed or linked elsewhere). The stipulation though is that you can not impose more restrictions on the code, obtaining it, or its use, than you received when you agreed to the license by using it (Section 6. of the GPL).

    I have written a draft letter (currently un-sent at the time of this diary entry) which I will be sending to James Fisher as well as copying in the relevant FSF parties. I have taken pains to make sure that this letter appears non-threatening, and that the proper "legal" language was used throughout. I welcome any comments on it before I send it (and after sending it, it might disappear from that URL)

    Update: Someone recently brought up that they also have a name and logo which is suspisciously similar to the Bluefish HTML Editor. I took a quick comparison screenshot to show the similarities. Flip one fish horizontally and they are nearly identical. Who has the trademark first on this one?

    I'm only concerned about the clear violation of the GPL stated above though, but this graphical logo similarity is interesting.

    Is it just me, or is this happening more and more lately. Companies seem to treat Open Source and Free Software as some sort of "bake sale" of free code thew can just take and use however they wish, without abiding by the license, giving proper credit and attribution, or adhering to the terms of the code they've been using.

    "Oh this code we downloaded to make our commercial product had some sort of GPL thing at the top of every file. We don't use that GPL thing, so we just removed that stuff and the names of those guys who wrote it. It's our code now."

pilot-link Needs Testers!

    We're about to release the first preview release of pilot-link which includes some very neat new features -- USB support and a very detailed DEBUG and logging facility (thanks to jpr). I've also cleaned up the sources in general, making them more readable, compressing the cruft, and converted it all over to Automake and fully using getopt(). There's still some lingering issues with Win32 and OS/2 support, and requests for testers and porters have been made, but there has been no response yet.

Moving Eastward

    The move back east is going slowly, much slower than I want. I do not want to have to pay another $2,000/USD for rent in February, especially while unemployed. I have Palmsource in San Jose to attend in a few weeks ($1,200/USD registration fee), and the cross-country relocation. Ick.

So much to do...

RoUS, vmware is something I know a great deal about, inside and out. I can probably help you.

I've gotten many unsupported USB devices working, regularly sync my Palms over USB, Ir, and serial into and out of vmware guest images, and have no problems with NAT or DVD playback.

Hit me up in email and I can help you out. I have some tweaks as well, that you may want to implement, which will speed up the performance of that NT image for you inside the vm. I have about 12 images I use in vmware on nearly a daily basis (and as I type this, FreeBSD 4.3 is happily compiling gnome inside vmware right now on another window).

I rely on it quite heavily for my cross-platform work, where I need a "soft" box to test in.

Sony Debacle II
Cross-posted from my original Slashdot posting on the same subejct from today

    I've been hoping they'd learn, but they still do not. I just checked the Sony Palm Developer website, and they have a Windows binary of POSE, the PalmOS Emulator. This binary covers "PEG-T600C/T400/T415" models and another binary on the same site covers "PEG-S and PEG-N Series" models. The source code that they have available only covers "PEG-S and PEG-N Series" models. These are all from November 20th, 2001.

    Sony, where is the POSE source code for the "PEG-T600C/T400/T415" series version of POSE? You have two new models of Clie devices on the horizon, and I'm sure that developers would like to begin supporting them, further increasing your sales margins. You have a Windows binary of POSE available that supports these models, you are legally bound to provide the source code which generated these binaries.

    Here's a quote from your PalmOS® developer page:

    The source code will be available with the final version.

    Sony, listen closely.. you really need to make yourself aware of the GPL before you blindly violate it like this. If you come back with the excuse that you are "cleaning up the code", you are still in violation. "Cleaned up" code will produce a different binary. You are bound, by the GPL, with releasing the source code which generates any binary you create and distribute from that source code, Windows, Unix, or Macintosh.

    I will be in attendance at Palmsource in a few weeks, and I hope you will be as well, because I intend to fully bring this to the attention of yourself, and everyone else there. I have been quiet about this issue, but believe me, I am not backing down.

    I have reluctantly added support to pilot-link for the Sony devices, most of which are randomly designed in nature, so that you can see increased sales due to the non-Windows users purchasing your hardware. How about giving back to the community that has been supporting your bottom line for the last two years, instead of raping and stealing from it?

    I see only one way that you can claim that you are allowed to proceed with this violation, and that would be if the original copyright holder of xcopilot relicensed or sold the copyright to that code to Palm and then they in turn relicensed it to you. I do not see that being the case, since all previous versions of POSE that you have made available have been based on publically available GPL versions of the codebase. From your own site:

    This is the same software level as Palm OS® Emulator 3.0a8 (PEG-S and PEG-N Series) and Palm OS® Emulator 3.2 (PEG-T415), distributed by Palm,Inc.

    I anxiously await your public response to this matter.

More news about my friend Rex who was shot and murdered in front of his store. It seems as though the accused wanted to be friends with Rex, and not just a "customer", and was upset because Rex was treating him like any other customer.

``Mrs. Adamson stated that she knew her husband didn't like the storeowner Rex for no particular reason other than William wanted to be friends with him and Rex treated William just like any other customer and that Rex thought that he was better than everyone else,'' the affidavit said.

Some people really lead sad, sad lives. I'm sorry you had to be the target of someone else's weakness, Rex.

124 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!