Older blog entries for hacker (starting at number 202)

9/11 Commission Report, in HTML format
    Well, it's time to make it public... after so many people have asked for it, so here goes.

    I've taken the original 9/11 Commission Report and converted it all to validated XHTML so I could then read and redistribute it in Plucker format. It is also on MemoWare and on PalmGear, and on FreewarePalm. I may convert it to iSilo format, if there is a great-enough need.

    I took the original 567-page PDF and converted it by hand to validated XHTML, chapter by chapter, and paragraph by paragraph. I also added a lot of usability features that were not in the original, specifically for people reading it on a PalmOS handheld device. No less than 20 hours were used to convert this over to this "superlinked" copy. I also have my conversion ChangeLog as well, for those who are interested in how this is progressing. I'm at version 1.5 now.

  • Every annotation mentioned in the document has been linked to its respective Notes page
  • The Notes pages were restructured to facilitate this usability
  • A completely new Table of Contents, linked to every section and sub-section
  • Each chapter has its own mini-TOC at the top which links to the sub-sections in the chapters
  • The List of Illustrations page links to each image in the report

...and lots of other features

This copy is much more useful than the original PDF, because of the depth of the crosslinking I added to it and the wrapping and punctuation corrections I also made in thousands of places.

Please link to it. My hope is that this will become the most widely-used version of this document, because it is currently the only one searchable via the web, due to the fact that it is online in HTML format.

The information presented in this report is too important to ignore.

10 New Toes in our family

    Our new (and first) child, Seryn Makaela Schmitt Desrosiers, was born on July 2nd at 16:48. She came in at 3.97kg (8lb. 12oz.) and 52cm (20.5") long. She and her mother are doing well; both healthy and happy.

    Now to figure out how to integrate this new life into our own.

    We're parents now!

23 Mar 2004 (updated 23 Mar 2004 at 17:42 UTC)
Spiders, spam, and abuse: be gone!
    I have reached the boiling point. I will tolerate spam and spiders no longer. Period.

    Any and all systems that send spam to our systems, users, or networks or try to brute-force accounts on systems with domains we host (such as this), will be permanently banned at the firewall on both port 25 and port 80. In the last 4 days, I have banned 704 separate IPs and netblocks. The more we block and ban, the faster they come at us, and so we continue to block more.

    I report every single one to the 'abuse@provider.tld' address automatically, and if the provider doesn't support the 'abuse' address, I block them, permanently. I've reported thousands of spam messages to the 'abuse' address at major providers, such as cox.net, verizon.net, aol.com, hotmail.com, and others. These providers are doing nothing about the spam coming through their systems.

    I'm also getting tired of these incessant web spiders, crawlers and robots hitting the webservers, ignoring robots.txt and without properly asking if they can spider the sites we host, first. Spiders without a proper identification in the UserAgent string (including a URL to the info page, or a functioning contact email address), or without asking us if they can spider our content first, are also being blocked on port 80. These spiders are continuously spidering the same content, including VERY large downloads, over and over and over, daily. There can be absolutely no reason for this, and hence, banned.

    I'm rapidly tiring of this abuse. 3,000+ spam messages a day is just out of control.
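An added example, not part of the original entry: one way to apply the two spider criteria described above (no info URL or contact address in the User-Agent, and repeated fetches of the same content) to Apache combined-format logs. The log lines, addresses, bot names and the repeat threshold are constructed assumptions; the output is a list of candidates for manual review, since a log cannot show whether a contact address works or whether permission was requested.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
URL_RE = re.compile(r'https?://[^\s;)]+', re.I)
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')

# Constructed sample log lines (documentation address ranges, made-up agents).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Mar/2004:10:00:01 +0000] "GET /files/big.tar.gz HTTP/1.1" 200 52428800 "-" "ExampleBot/1.0 (+http://crawler.example/info.html)"
192.0.2.10 - - [23/Mar/2004:11:00:01 +0000] "GET /files/big.tar.gz HTTP/1.1" 200 52428800 "-" "ExampleBot/1.0 (+http://crawler.example/info.html)"
192.0.2.10 - - [23/Mar/2004:12:00:01 +0000] "GET /files/big.tar.gz HTTP/1.1" 200 52428800 "-" "ExampleBot/1.0 (+http://crawler.example/info.html)"
198.51.100.7 - - [23/Mar/2004:10:05:00 +0000] "GET /files/big.tar.gz HTTP/1.0" 200 52428800 "-" "FetchAll/2.1"
198.51.100.7 - - [23/Mar/2004:10:35:00 +0000] "GET /files/big.tar.gz HTTP/1.0" 200 52428800 "-" "FetchAll/2.1"
198.51.100.7 - - [23/Mar/2004:11:05:00 +0000] "GET /files/big.tar.gz HTTP/1.0" 200 52428800 "-" "FetchAll/2.1"
203.0.113.5 - - [23/Mar/2004:10:07:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.5 - - [23/Mar/2004:10:07:09 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

def identifies_itself(ua):
    """True if the User-Agent carries an info URL or a contact e-mail address."""
    return bool(URL_RE.search(ua) or EMAIL_RE.search(ua))

def review_candidates(lines, repeat_threshold=3):
    """Map (ip, ua) -> {"repeats": {path: count}, "bytes": total} for clients
    that do not identify themselves and fetched one path repeat_threshold+ times."""
    hits = defaultdict(Counter)
    volume = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        key = (m["ip"], m["ua"])
        hits[key][m["path"]] += 1
        if m["bytes"] != "-":
            volume[key] += int(m["bytes"])
    out = {}
    for key, paths in hits.items():
        if identifies_itself(key[1]):
            continue  # agent names a URL or address; handle via contact instead
        repeats = {p: n for p, n in paths.items() if n >= repeat_threshold}
        if repeats:
            out[key] = {"repeats": repeats, "bytes": volume[key]}
    return out

if __name__ == "__main__":
    for (ip, ua), info in review_candidates(SAMPLE_LOG.splitlines()).items():
        print(ip, repr(ua), info)
```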

Mailing List Hijacking
    I briefly corresponded with a user who was asking for access to CVS for pilot-link, to try to solve a problem he was having with photos on his Palm.

    I mentioned that CVS was not public, and he responded that he googled around and found a message from me on a mailing list I run, that helped him out.

    "Wait, how did google spider a list that I know I restrict them from being able to index..."

    So I started googling, and found THIS little site. It is a site in .ph (the Philippines).

    The problem with this isn't really that they provide an offsite archive of lists, but that they remove all email obfuscation from the posts. This means anyone posting to my lists, under the knowledge that their email address will be protected (by my site configuration and Mailman itself), will no longer have that address protected when it gets indexed by this site in .ph.

    I also noticed a few moderated lists there, which I know have member-only viewable archives. This means you can't google around and find posts made in those archives... except that google spiders THIS site, and picks them up, including the users' email addresses.

    I sent the webmaster a VERY harsh email about the situation, giving him a deadline of 5 days to remove any and all references to our lists from his/their servers. I also blocked their entire netblock on port 25 and 80, so he can't even fetch the mbox version of the archives, and I unsubscribed the user "lurker" from all of the lists I run here.

    We'll see what happens. Probably nothing, but at least I can stop rogue users from subscribing to the list, purely for the purpose of putting list archives somewhere else on the Interweb.

SuperServer For Sale
    If anyone is interested in buying a 1U Dual CPU SuperServer 6010H, please let me know. I've put it on eBay for the second time in a row, and still no bids, and it's going for dirt-cheap.

Palm Sores

    Looks like Palmsource has made some pretty sharp announcements this week at their annual conference. Should be very VERY good for our particular projects. Time will tell, but things are definitely swinging our way, because they've decided to sever support for a pretty significant portion of their userbase, in favor of the Microsoft-only paradigm, which has already brought quite a number of their users knocking at our door.

When Is a Carb, Not a Carb

    First off, my girlfriend is a diabetic. She's also a celiac. That means we are minutely aware of what kinds of ingredients we are ingesting in this family. We read labels, we ask chefs to come out and tell us where the vinegar or other foods came from. We call companies and get clarification.

    There is recently a growing number of companies advertising these "low-carb" or "no-carb" food and beverage items for their product lines. Subway Sandwich shops is one, Smirnoff vodka is another, and Applebees Restaurant is yet another.

    Carbohydrates are in a lot of foods and beverages. The reason you're seeing these "no-carb" advertisements is due to pressure from people using the fad "Atkins" diet (a highly dangerous diet, more on that in a moment). The Atkins people do not seem to be counting the carbs found in foods containing fiber. A carbohydrate is a carbohydrate, regardless of whether or not it is in fiber or sugars or other ingredients. Not counting carbs found in fiber is a dangerous thing, especially to advertise to the public, for people who RELY on the exact number of carbs in their diet, to accurately gauge the amount of insulin they should be taking at each meal.

    The Atkins Diet, and others like it, trigger short-term weight loss through a process called ketosis. Ketosis occurs whenever the body lacks a sufficient supply of carbohydrates, a prime source of energy. During ketosis, carbohydrate-depleted metabolisms turn to other sources, including ketones from stored fat or protein, to satisfy daily energy needs. (more of Ketosis later). The first bit of weight loss is water weight, the carbohydrate that's in your muscles, and then as you progress on the diet you will lose some fat, but you will also lose some muscle mass.

    According to Dr. Chris Rosenbloom from the ADA (American Dietetic Association), she believes that this type of diet can have a negative long-term impact on health. "It's so high in cholesterol and fat and total fat -- the opposite of what all the health organizations, from the American Heart Association to the American Dietetic Association, recommend," she points out. And she noted that the diet "is also low in fruits and vegetables and whole grains" -- foods with proven health benefits. While some of the vitamins and minerals in these foods can be obtained through supplements, other benefits -- like fiber or phytochemicals -- can only be found at the source.

    Low carbohydrate ketogenic diets (such as the Atkins' diet) are often high in fat, which may increase cholesterol and lead to many other health risks. The American Institute for Cancer Research has also evaluated the Atkins' diet and their assessment is quite alarming. They say that the high-protein, high-fat, low-carbohydrate Atkins diet tends to promote the loss of water weight, and that if such an imbalanced diet is maintained, the body soon reverts to the fasting state of ketosis, in which the body begins to break down muscle tissue instead of fat over the term.

    Ketosis is one of the body's last-ditch emergency responses; deliberately inducing ketosis can lead to muscle breakdown, nausea, dehydration, headaches, light-headedness, irritability, bad breath, and kidney problems. In pregnancy, ketosis may cause fetal abnormality or death. It can also be fatal in individuals with diabetes! While supporters of the Atkins diet concentrate so much on the fat burning capability of ketosis they neglect to mention that over the long term protein, and thus muscle, is also burned!

    The basic building block of energy is glucose, and basic carbohydrates provide that. The brain lives ONLY on glucose. You're starving your body of the necessary building block of energy by reducing the single-most important (and efficient) way to deliver glucose to the cells; carbohydrates. Yes, you can get glucose out of the remaining two nutrients found in food; fat and protein. On the Atkins, they say, you can eat as much of those as you want, and refrain from ingesting carbohydrates. Our bodies, for millions of years, have been engineered to expect (and accept) carbohydrates as part of our biology. We are efficient at digesting them and converting them to glucose. By taking that away, you're forcing your body to relearn how to digest fats and proteins into glucose.

    By just ingesting fat and protein, you're stressing your liver and kidneys out. You're severely reducing your body's water retention. An excess of fat and protein will also cause your cholesterol to rise to astronomical levels.

    The reason people seem to lose weight on the Atkins, is because your body has to use a completely different metabolic pathway to turn that fat and protein into glucose. It takes a LOOONG time to turn fat into glucose, and similarly for protein. Your muscle tone and fat stores are severely depleted when you're on the Atkins diet. You starve your brain of nutrients, your muscles of nutrients, your liver and kidneys of nutrients. Basically you're killing yourself, slowly.

    People have just up and dropped DEAD on the Atkins diet, because their heart or liver could no longer function. The reason more people aren't dying on the no-carb diet plans is because NOBODY has the discipline to remove ALL carbohydrates from their diet, they only decrease their carbs to under 35 grams per day. Do you know how many hundreds of thousands of foods have carbohydrates in them? Probably not. Nor does anyone else, and that's why it takes an enormous amount of discipline to cut out carbs altogether. You can survive on a low-carb diet if you want, but your body is slowly deteriorating; liver, heart, and muscle. You're killing yourself by staying on that diet.

    If you want to lose weight, eat more frequently, and more nutritious meals. This will increase your metabolism, and allow you to lose weight fast. Your body anticipates the next meal, and digests the previous one quickly, converting it into energy for your heart, muscles, and most-importantly (for developers like ourselves), your brain. If you want to do the most benefit to your brain, cut out gluten from your diet, and you'll immediately notice a sharp spike in your awareness, retention, and memory/recall.

    Go search the web and find the studies out there that clearly point out the Atkins diet and other similar "fad" no-carb diets are dangerous to human physiology.

Website Hijacking
    I started going through my weblogs for all the domains I host, looking for 404's, and correcting them. Many of the domains we host have updated their pages, moved files around, etc. and other sites and servers and users still point to the old files and content. Those were easy to fix with a bit of mod_rewrite and mod_redir hackery, and it keeps the users happy and logs nice and clean.

    But as I was parsing out the logs, I noticed quite a few other curious things, which led me to poke through the referer logs and start tracing some interesting hits.

    ..which led me to these two sites:

    http://www.actionweb.com/hosting/clients/

    http://www.firstwebserver.com/hosting/clients/index.html

    Both of these domains are registered in completely different states, by two completely different people, and yet... other than page color, they are identical, even down to the "testimonials" page. Whoever ripped this off from whom, can't possibly be that stupid... or can they?

    I've been taking a stern look at the various websites out there, especially those hosted and created by people local to me, in my community. Disgusting. There is one "designer" (and I use that term very loosely), who is trying to snatch up all of the local businesses here with his "Word-to-HTML" template sites. He charges these sites $250.00 "setup fee" and $50-$500/month for hosting and updates to these sites. He puts them all on dynamic yahoo-based "free" storage, and rapes the customer for these prices. No quality at all behind his work, and in fact, he takes the website content from other sites directly. I found a complete rip of some CSS in one of his sites from a site in .nl, and he didn't even edit it out. In fact, the page's title tags still referenced the .nl site. Here are two more examples:

    http://www.captainfish.com/home.htm

    http://www.brotherstoofishing.com/home.htm

    Both sites, competitors of each other in the same town, created by the same person, using the same design (and ugly buttons, stuck in the 80's of web-design), and hosted on the same servers. I'm sure they'd find it interesting to know that little tidbit.

    So the end-result is that I'm taking this work, all of it, and am not going to give it back to these people, until they get some sort of clue about usability, design, and proper web techniques. I've emailed the person who did the two sites above with a 4-page message detailing all of his mistakes on all of his sites, pointing to the proper tools he should be using, etc. and he never replied or even said thanks. Shrug.

    We're going to make a killing in this town, once these businesses see what real quality can look like, at much less cost to them in the long run, for much greater speed, usability, and prompt attention to updates.

We've lost another one of our own. sisob; fellow advogato'er, aka Mark Finlay of GNOME fame, passed away on Friday January 9, 2004. I've conversed briefly with him in the silicon world but never in the carbon world.

To his family, friends, and colleagues.. my apologies for your loss. He will be missed.

I Am Not a License Nazi

    Saturday morning, I decided to get back to some wine testing, in an effort to get the new Palm Tungsten Simulator working, so I could test some applications in and against it. (Curiously enough, there are two simulators for these two Palm models, one is modeled after the OS itself, minus the new applications that are shipping on these models in real-life, and the other models exactly what you get when you purchase one of these devices in a store. They aren't the same, and they are not available from the same location).

    As expected, the Simulator fails to run in wine, including release, nightly, and cvs versions of wine. The problem lies upstream in either the Palm code, or the MMDRV_ portions of wine. I'm narrowing in on a workaround, mostly thanks to the helpful people in #winehq on irc.debian.org.

    So I decided to see if wine worked at all on some of these recent Windows InstallShield/Catapult installers. I dug around in my shared Windows downloads directory (I don't have any Windows machines, only directories of downloads, which are mapped to my vmware sessions when they are booted).

    I found an application called "Foo Install.EXE" (not the real name, more on that in a moment). It purports to perform a certain action on a Palm device, in Windows, bypassing the standard Palm tools to do so. Running it in wine, threw a few errors, because wine doesn't support USB hardware, which this device tried to communicate with. Normally, in Windows, this would be launched with a double-click, hiding any errors which might appear, behind context. Oddly, when the application errored out, I recognized the error message.. because I wrote it!

    "Wait a minute. How can a commercial Windows application contain an error message I know I wrote, which exists in a project I maintain..."

    I ran strings on the executable, and sure enough, this application has 5 function names directly copied from our library and headers, and includes one string which only appears on POSIX systems, and never actually is output from the Windows executable. The application has cut-n-pasted code from our LGPL library into their Windows tool, and was using it to talk to the Palm device, in Windows.

    I decided to try some of the company's other Palm applications. 3 of the company's 5 commercial applications use this same code. I couldn't test the other two, because they didn't have any "demo" versions for download, and were clearly commercial-only. I can only assume that if they put the code into 3 of them, they put the code into the other 2.

    Now, normally this would appear to be a mistake, and I like to give companies the benefit of the doubt, but in this case, I think it was much more malicious than that. Not only was the code clearly marked as being LGPL, but it wasn't designed for use in Windows. This means someone took the code from our library (and potentially our headers), and put it into their Windows products, modifying the code a bit to work on that platform (/dev/ttyUSBx vs. USB::, etc.), but they neglected to add the required LGPL notices to their downloads. They also have their own license, which adds restrictions on use of their product, and they have a bland copyright notice of their own, right on the About and Help screens of their application. This could be construed as a "Lanham Act" violation ("False designation of origin...").

    I fired off a message to their contact address, including a copy to licensing@gnu.org, so everyone can be in the loop. I expressed our concerns, detailed our findings, and requested an explanation and requested that they make an effort to bring themselves into compliance. I try to give everyone the benefit of the doubt first, until they reject that offer.

    So far, no reply yet.
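An added example, not part of the original entry and not code from the project it describes: a small scanner that does what running strings on the executable did above, then checks the extracted strings against fingerprints from a library's own source tree. The `examplelib_*` names, the message text and the sample bytes are hypothetical placeholders; it also reads UTF-16LE strings, which Windows executables commonly contain.

```python
import re

# Hypothetical fingerprints; replace with exported function names and
# platform-specific messages taken from your own library's source.
FINGERPRINTS = {
    "function": [b"examplelib_open_port", b"examplelib_read_record",
                 b"examplelib_close_port"],
    "posix_only_message": [b"examplelib: cannot open /dev/ttyUSB"],
}
NOTICE_MARKERS = (b"LGPL", b"Lesser General Public License")

def extract_strings(data, min_len=4):
    """Printable runs of min_len+ characters, stored as ASCII or UTF-16LE."""
    ascii_re = re.compile(rb'[\x20-\x7e]{%d,}' % min_len)
    wide_re = re.compile(rb'(?:[\x20-\x7e]\x00){%d,}' % min_len)
    found = {m.group() for m in ascii_re.finditer(data)}
    # For wide strings keep every second byte, dropping the NUL high bytes.
    found |= {m.group()[::2] for m in wide_re.finditer(data)}
    return found

def scan(data, fingerprints=FINGERPRINTS, min_len=4):
    """Report which fingerprints occur in the binary's strings, and whether
    any license notice text is embedded alongside them."""
    strings = extract_strings(data, min_len)
    report = {
        kind: sorted(n.decode() for n in needles
                     if any(n in s for s in strings))
        for kind, needles in fingerprints.items()
    }
    report["lgpl_notice_in_binary"] = any(
        marker in s for s in strings for marker in NOTICE_MARKERS)
    return report

# Constructed sample standing in for an executable: header bytes, two of the
# function names as C strings, the POSIX-only message as UTF-16LE, and the
# vendor's own copyright line with no LGPL notice.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + bytes(range(0, 32))
    + b"examplelib_open_port\x00examplelib_read_record\x00"
    + b"\xff\xfe\x01"
    + "examplelib: cannot open /dev/ttyUSB0".encode("utf-16-le")
    + b"\x00\x00Copyright (c) Example Vendor\x00"
)

if __name__ == "__main__":
    for kind, value in scan(SAMPLE).items():
        print(kind, value)
```

A notice can also ship in accompanying documentation rather than in the binary, so a negative `lgpl_notice_in_binary` is a prompt to check the whole download, not a finding on its own.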

I Am Not a License Nazi (part II)

    I jumped on over to Freshmeat to look at some of their new Palm projects (which I do from time to time, to get a feel for the direction people are going with their Palm code), and did a search for handheld there. I found something called "BearOps Handheld", and decided to try to download it and give it a try.

    Not only is there no download available, but their site claims that they've exceeded their bandwidth allocation for the month, and that downloads have been suspended. I fired off an email to tell them that I'd gladly be a mirror, but they didn't respond. This means their email is working, and didn't bounce.

    Ok, off to Netcraft to see what their provider is.. and I notice that they've switched providers in the last few years. Could they really have exceeded their bandwidth every month, across multiple providers?

    Off to The Internet Archive, and I see that they've been up since at least July 20, 2001. Drilling down into September 28, 2001, we see the same "suspended downloads" message on their site. Odd, is it really possible that for over 2.5 years, they've exceeded their bandwidth with 2 separate providers? Not likely. I've never even heard of BearOps, and if it was that popular, I'm sure it'd be something I've heard of. It's based on Debian, after all.

    I brought this up with some other handheld/Palm people in the Free Software community, and the consensus was that emails asking for the source go unanswered, offers for mirrors go unanswered, and the company simply refuses to supply any details about their distribution, unless you purchase it.

    Another possible GPL violation? Or just non-existent/dead/ignorant people?

There Is Much More To This...

    There seems to be an ever-increasing abuse of the GPL and other Free Software licenses lately. Most-recently, the MPlayer discovery of several GPL violations by a company called "Kiss Technology".

    There's also the BusyBox project, who keeps an active list of license violators stealing their code without complying with the license.

    I spoke with my girlfriend Erika, an avid Wall Street Journal reader, and she suggested I write an editorial/letter to the WSJ, explaining all of this. The problem, she said, was that companies and "normal people" don't know this is happening, and that nobody reads those "geek webpages" (groklaw, slashdot, advogato), so none of this information gets where it needs to be... injected into the public media.

    The synopsis of this, is that companies are actively stealing software, violating copyright, selling products based on that stolen code, increasing their profits, firing/laying off staff ("We found something on the web that does exactly what we're paying you to write for us, so we don't need you anymore. Pick up your last check at the door."), and the economy increases, due in part, to theft, and jobs being lost.

    The economy is improving because jobs are being lost. There is this mentality among well-funded companies, that they are "safe", because "..those unemployed Free Software hippies" don't have enough money to bring them to court. They're wrong. A bit of a media campaign with some truth, can be much more damaging than any lawsuit.

    We can't let this continue like this. Chasing all of these companies down, is getting to be exhausting.

24 Dec 2003 (updated 24 Dec 2003 at 13:10 UTC)

(Merry|Happy) $RAND_HOLIDAY, all.
