Older blog entries for mjcox (starting at number 39)

Off to San Diego tommorrow for TPC/OSCON. I've not flown with British Airways since 1995 when after two flights with dismal customer service I vowed never to fly with them again. However, London to San Diego was cheapest with BA and I didn't fancy paying the price difference. Also they might be better now, they've got the seat back TV screens. I now know two BA pilots too, but neither is flying the outward or return flights :(

Well I can't leave until I pack, and I can't pack until I've finished work, and that means writing Apache Week. People have been asking about the OpenSSL exploit, so I need to write that up, together with a company that is giving out free server certificates.

My entire trust model for SSL is based on that fact that anyone who can issue a server certificate "does the right thing". That means they check who I am and that I have the right to use the name I've asked them to certify. Otherwise someone else could register my name, or something similar to it, and theres no point having SSL do authentication anymore. How can a company giving out free certificates afford to do any checking? But then I've heard of Verisign and Thawte making serious mistakes issuing certificates, so I probably had a false sense of security anyway.

It's been a busy month. Finally met the new employee gary who seems really cool. It also gave me the chance to get rid of a ton of equipment that was littering my hallway, allowing me to tidy the house, and sell it. The house sold for the full asking price within 4 days of being put on the market, leaving me to worry about putting an offer on a place in Scotland we've found. The Scottish house has telewest cable internet, so i'll be happier.

Off to the O'Reilly conference at the end of this week with joe. Looks like lots of interesting things will be happening and we'll have to write up an Apache Week issue on our findings as usual.

Not much technical achievement in the last month, I need a good coding project for the long summer evenings.

Just got back from Red Hat HQ. Found it odd that Bryce didn't mention in his diary the afternoon I spent with him and me buying him dinner. But it was only Chili's and I left him about 6.30 since I was feeling tired, so I'll let him off this time.

I took advantage of the fast network connection to sync my laptop up to Gnome 1.4 and get Gnucash running. It looks good, but was having problems with my QIF exports from Money, I'll have to work on that. The problem might be that my QIF data from my main account links to over 30 other accounts (persions, credit cards, blah blah) and spans back to 1987.

Spent half of the day looking into a bug that affected Stronghold a few years ago before we switched to using mod_ssl which a customer needed for a legacy system. Syncing a >11Mb tree over a 56k modem link is painful (especially when you forget to use the right CVS release tag the first time around)

Hired a new employee for Red Hat, gary who starts in a month. Isn't it scary that prospective employers can find out so much about you from Google or by reading your Advogato diary :-)

Got my quote and a picture into the Red Hat annual report; whee!

Hmmmmmm SmartTags. Someone posted a link to a site that said in order to stop SmartTags parsing your documents you add this to each one:

<meta name="MSSmartTagsPreventParsing" content="TRUE">

Well, with Apache it should be even easier. I wonder if adding this to httpd.conf would be enough?

Header add MSSmartTagsPreventParsing "TRUE"

Depends how MS implemented their checks, I've not bothered looking if IE is available that supports this yet.

5 days and the experiment is over. Since I don't watch TV News or read a newspaper the experiment was to see how long it would take before I found out who won the UK election. I didn't tell anyone about the plan, so they wouldn't avoid telling me, and I didn't go out of my way to avoid finding out. Unfortunately I was watching Bloomberg this morning just as they ran a story about how Tony Blair had increased his salary. I still have no idea how close the election was, or who won in my area. I don't much care either

Visited Telehouse in London today, the building in which rather a large number of the UK co-located servers are co-located. Considering the number of servers and the amount of money they must be making I was rather unimpressed by the building or the security. The only cool thing was the airlock tubes you had to walk through (walk in, it seals you in from behind, then opens from the front. scary). I'd house my servers in Bens bunker if I could afford it :)

Anyway it turns out my machine had a serious disk problem. One of the 30Gb disks had a corrupt partition table and the other had so many bad blocks I gave up fixing it and just replaced the disk. Used the Red Hat Network to upgrade the system after the reinstall which worked better than my first test many months ago.

Nothing much to report, I'm running an experiment which unfortunately I can't comment on here as it would affect the outcome :)

The Microsoft Money gateway thing came along a bit, but is currently on hold as my awe.com machine broke again and I'll probably have to physically visit it to replace it's disk.

I'm slowly slowly getting used to Red Hat Linux. I'm so used to the Unix I learnt in 1988 on Sun machines that I keep trying to do everything the hard way. Usually after doing it the hard way I find RHL does it an easy (but sometimes obscure) way.

Ok I'm stumped. I need some round 12mm cable clips for a big mains cable running to my garage. The only place I can find that sells them wants me to buy 1000. I need 25. I even tried out local DIY stores. The assistant in one said the biggest they did was 6mm and suggested that I used two. I didn't feel like explaining the subtle flaw in his logic or even attempting to camp it up "Carry-on"-style ("oooh no, I've tried size 6 and it just won't do, I need at least size 12 to satisfy me"). No, sadly I wasn't in the mood and missed my chance, so just mumbled "thanks" and walked away.

Meanwhile I've been testing the optimised IA64 OpenSSL assembler that was committed to CVS last week. It works well even with 0.9.6a and is 4x faster than what gcc can optimize.

I was altering my firewall rules on my personal machine when I made a fatal mistake and forgot to tie one of the rules to the right ethernet interface. Wasn't too upset as I could use the remote-APC power strip to reboot the server. Only the remote-APC power strip also broke, so my server is still down, including all my Apache archives that I use each week to help write Apache Week. Next time I'll start a "shutdown -r" going with a time delay so if I lose access it will just reboot cleanly anyway.

My auto login script now works with Amex as well as Lloyds TSB and is proving to be quite reliable, so I'll release that soon.

I thought that getting everything in RPM format would save me some time so I could give GNUcash a go. joe wrote me a CD of all the bits that he downloaded when installing the Ximian Gnome distribution. The GNUcash RPM also relies on a couple of other RPMs that were not on the CD. But the only versions of the those RPMs that are available require different .so versions to the ones in all the other RPMs. So I'm close, but not quite there. I think the conclusion is that your only chance of installing something complex with multiple versions of multiple RPMs is to get them all from the same place. Unfortunately mixing source I build myself and RPMs isn't a really good option either.

There is something to be said for compiling against static libaries :)

Oh, meanwhile my house is full of computers as I try to fix all the old OS's on them before shipping to the new build facility. Don't bother coming around to steal them though, the fastest is a PII 266 and the slowest a Pentium 166.

I bought this neat iPanel for my new ASUS motherboard today; it sits in a spare drive bay and gives you USB connectors as well as lots of LEDs and a display that can show you the various temparatures, fan speeds, voltages, and more. Worth $20 anyway.

Spent most of yesterday in Guildford, where Kiat noticed that someone had scraped my car. Wonderful

Decided on the way back that I'd finish writing my OFX gateway. The idea is that the OFX gateway would be able to automatically log in and extract your statement details from the variety of online sites that I use that don't let you export your details (or have a convoluted way of doing it). So you'd just hit "update" and MSMoney would talk to the OFX server which would contact each of the sites it knows about, screen-scrape the details, and present them back to Money in OFX format.

After an hour of hacking late last night I have a module that can log into the LLoyds TSB site and download your statement. Next is getting into OFX (I already have written something to do that). The biggest headache is making money contact your OFX server; it works, but it's just not very user friendly yet.

I should really switch everything to GNUCash and spend my hacking efforts on that. The only thing holding me up is downloading the whole 60Mb+ of gnome experience over a 45k link.