Older blog entries for pipeman (starting at number 20)

Re: How can I trust Firefox? or: Let the flamefest begin

No, I won't really take part in this flameparty re code signing (since most of it misses the target anyway), but I just thought I'd mention my own limited experience with trojans and spyware: the only times I've encountered trojans or spyware in the real world (that is, outside my geek universe), they have all been delivered as signed executables. Generally, up pops a window telling me that the code is signed, and who has signed it, followed by an arbitrary string provided by the signee that usually says something like install this cool software now to utilize all the really hot functions on this web site.

So, away went the credibility of code signing?

I do recognize the need for code authenticity, of course. It's just that when told so, grandma will always click "Yes", "Install" or whatever seems the most productive option at the time. "No" and "cancel" are actually scarier - even if they are the default. And by the way - what kind of notion of a "default choice" does the average home user have anyway? Do they really distinct between the default and non-default button in a dialog like this? I recall the good old days when I was young and had enough time to skip studies and instead spend it on compiling my Linux kernel, and when running make config, the last line of every configuration description was something like If unsure, select 'N' or 'N' should be a safe bet. I actually followed that advice when I really was unsure. Internet Explorer, in this example, never give such a straight-forward direction - instead, it tries to explain the domains of code signing and "trusted publishers". Ol' granma will think "of course I trust this publisher! my grandson told me to click on this link!" even if the link her grandson told her to click on was twenty clicks away.

Also, if IE actually had made it clear to its users that they really shouldn't run unsigned code, a lot less people would have tried Firefox (and the poster is right that there is a point in signing the Firefox installable anyway). And that would have been a bad thing. I don't have a good solution for this whole thing, in general. Many people believe in Trusted Computing and it really gives me the shivers. But something has to be done, I guess.

Climate changes

Pontus points me to an article (Swedish) in the Land magazine, a member's publication of Federation of Swedish Farmers, which briefly mentions the rapid movement of the climate zones due to climate changes. This presents a very real and immediate problem for the wood industry - a quite important part of Sweden's economy. The article roughly translates to:

Climate changes demands new tree species (mon 13 dec 2004)

The climate zones are moving north with 0.5 to 1 meter per hour, according to the Swedish Environmental Protection Agency, which will have major consequenses for the forestry.

It is too late to stop the climate changes, writes Lars-Erik Liljelund, EPA's director general in a debate article in the newspaper Göteborgs-Posten. Measures should have been put in place 50 years ago. In Scandinavia, the climate zones are moving north with four to nine kilometers each year. The society must now adjust to the ongoing climate changes. For the forestry, this amounts to a major change, warns Lars-Erik Liljelund.

More heat resistant species must successively be put into use to ensure the re-growth after the cut timber. Likewise, the director general means that the forestry should consider the use of new tree species to spread the risks. He also calls for research about forestry maintenance models that are adjusted for a warmer climate with winters that are warmer and have more precipitation.

International negotiations about the global work with reducing the green house gas exhausts has been under way in Buenos Aires for a while and are finished December 17th.

coLinux

A comment on Slashdot pointed me to coLinux; sort of like User-mode Linux, but running on Windows instead. Very interesting. I just installed it and downloaded a Gentoo root filesystem image supposedly customised for coLinux. Since there are still many (more or less valid) reasons that I want to keep running Windows on my desktop machine, this looks very appealing. This way I won't have to wait for Windows ports of all the server software I want to run (Apache, Subversion...). I'll post again when I have something up and running.

More playing around with Advogato XML-RPC

I wanted a more bloggy way of accessing my Advogato posts, so once again I turned to the XML-RPC services of Advogato to integrate my homepage with the Advogato diary. Of course, after a bit of hacking it eventually went entirely out of hand. As it turned out, I hacked a simple Java class called ALog which provides convenient access to the Advogato diary services, but also caches the data locally so that I don't have to go query the Advogato server each time a user views my home page. I did this before, but now I actually cache all diary entries and their metadata. If more than an hour has passed, the ALog queries the "diary.len" function on Advogato to see if there has been any new entries, and if so, it downloads it. An index of all diary entries is stored on disk, so that it can easily be fetched to, for example, populate a calendar or a post archive. I found this simple calendar that fulfilled my needs pretty well, and after a new rounds of DateFormatting, sorting and nicotine intoxication, I actually had JSP code that produced something resembling a blog, all based on the data on the Advogato server.

I once again got bitten (I think!) by Windows and Linux differences in Java. I wanted to make writes to the cache (which is file based) atomic, so on all places that I wrote to disk, I first wrote all data to a temporary file in the same directory, and when done, used renameTo() to atomically overwrite the old file with the new one. This seems to work well on Linux, but I'm using Windows on my workstation, where it didn't work at all. So I resorted to deleting the target file just before the rename, which creates a tiny race condition - but for I doubt I'll have to worry about those few milliseconds when it comes to my home page. :-)

I think the ugliest hack in this adventure, however, was the code to sort and count the monthly entries. I just wanted to get something done, so I created a TreeMap, wherein I put an diary count as value and as key a year-month string in the form "yyyy-mm". Then, I created a Comparator for the TreeMap that splits the key string and parses the two halves and compares first the year and then the month. This way, I can use entrySet().iterator() and retrieve an Iterator of Map.Entry objects containing each month and it's post count in a comfortable order. Of course, I had to parse the "yyyy-mm" into a time stamp that could be properly printed, too.

There are many other stupid things with the code (such as that the entire diary metadata index is read at each request), but I won't have to worry about them until the number of diaries is huge and/or I have thousands of visitors to my homepage. After all, the index file is only 272 bytes at the moment (with 16 bytes per post).

SMHI followup
(again, only interesting for my Swedish audience - sorry, I should find another place to post non-english stuff in the future, I guess)

Jag fick just följande svar från SMHIs verksjurist, angående mailet jag skickade och nämnde här samt i en kommentar på Gnuheter för en dryg vecka sedan. Intressant läsning.

wooo, a tiny release!

I went by car from Stockholm to Katrineholm today, and during the ride I hacked a new automatic selection policy for Duper so that the user can choose to automatically mark all files but the oldest or newest for deletion. Back seat hacking, that's teh shit. :-) Actually, the laptop batteries only lasted for half the trip, as we got delayed by first losing ourselves in the dark woods of Södermanland by something like a hundred kilometers in the wrong direction, and if that wasn't bad enough, when we were on the right track again, the road was blocked by a recent accident that really made me shaky, and as it was a one-laned, one-way slip road, we hade to turn around and geisterfahr (albeit very slowly and with warning lights on) our way back. Seeing a car accident so closely really gives you some perspective. There were no serious injuries, however. But there were a family with kids in one of the cars, who were pretty chocked, to say the least. So now I'll stay away from cars a while. Dangerous stuff. A thousand kilograms moving forward in something like 25 meters per second. And we do it not only willingly, but in a foggy pitch-black december night? The hubris of mankind has no end (but then again, that's what makes mankind interesting - we all know how important hubris is to development). Anyway, I decided to make a new release - not that it's anything major, there's maybe 50 new lines of code - and with the process being nothing more than typing "ant sign" and scp'ing the new jar file to the web server, it's a snap. Also, since it's JWS, users won't have to do a thing - JWS will automatically detect and download the updated jar.

the song in the nokia 3220 commercial

In Swedish TV, Nokia is currently airing a campaign for their 3220 phone (you can watch the ad by clicking on "Get Toghther Do Whatever" and then "reklamen" in the flash craze), obviously targeted at a quite young audience. As I mostly believe that I'm seventeenish, I immediately got cought by the catchy tune and haven't been able to get it out of my head since. While watching the five-hour Friends fest at a friend's place, I saw the ad once again, so when I came home I asked Google about it, and it turned out that the song is from 1998 (or 1997 or whatever) called "Mer' Strøm #2" and the artist is a dane that calls himself Bjørn Svin, and I found an MP3 as well. In a Danish blog I also found out that it's a danish agency called Ghost that has produced the commercial. Seems like a bunch of clever people indeed. "vi skal have mere strøm!"

Unexpected referrers

Noticing a surge in downloads of my program Duper, I went on to check my referrer statistics. I was expecting Slashdot to be the top referrer as a story I submitted went up yesterday. But instead I noticed that the top referrer was a blog that I didn't know of: The Red Ferret Journal (aka "enorgis.com", it seems). It's always a very pleasant ego boost when your work, even as tiny as the Duper program, gets a little attention. Duper has had an average of maybe 5 downloads a day lately, but now 99 downloads in the last 36 hours. Good or bad, it's cool. :-)

Microsoft and blogging impact

I'm not entirely sure if my occassional diary-rambling here on Advogato even constitutes as "blogging" by definition, but the word seem to has gotten quite a wide range of applicability nowadays, so okay, I'll blog about blogging. Rory says that Microsoft execs doesn't think that blogging is important. He wants us to click on a link to help demonstrate to those execs that they're wrong. I think they really are. To me, and I know many others agree, letting employees blog is PR-wise the best thing Microsoft has done, ever. Thanks to the blogs, we have gotten a whole new insight and a feeling of personality and intimity that has always been exactly what Microsoft hasn't been known for. Many of us continue to view Microsoft with suspicion and recognise that they still hold monopoly status in many areas and still try to use that to their advantage. But we have learned a whole new kind of appreciation for the inner workings of the different Microsoft departments, and, above all, we have learned that there are real, thinking people behind the huge and previously inpenetratable corporate surface. We have learned much of their reasoning behind, for example, software design decisions, and in general we learn about many of the efforts that would otherwise had gone unnoticed by most, if not all of us, that make Microsoft seem almost human, and - I barely dare to actually write this on Advogato - occasionally actually useful and rational. Through MS blogs, we have learned that the people behind the scenes are pragmatic and not quite so tied-up as one would think - I remember the excitement that spurred in the beginning of the Microsoft blogging era when someone openly admitted that sure, many Microsoft developers and testers depend on open source tools and heck, of course we use Linux internally when it turns out to be the best tool for a task. (With reservation for memory corruption.) Also, I have the feeling that the blogging Microsoft employees themselves can easily testify how their blogs has given them a whole new and unprecedentally useful way of communicating with their own users, without any corporate filters in place.

So please, dear mister Microsoft execs that hardly reads this anyway, please don't gag your employees, keep encouraging blogging. That's the only chance you have to make a human impression on a large part of the rest of the software development world. And it's also a crucial way to educate your developers on other people's thinking and wonderings about their work.

(The rest is only interesting to Swedes, sorry)
Fråga till SMHI och Miljödepartementet

Jag skrev nyss detta mail till SMHI och Miljödepartementet, där jag frågar om SMHI har några planer på att, i i likhet med NOAA i USA, publicera väderdata i öppna format för fri tillgång för allmänheten, samt gör ett försök att argumentera för saken. Detta ämne med omnejd har tidigare diskuterats på Gnuheter, något jag upptäckte först efter att jag skrivit och skickat mailet. Intressant är att Lantmäteriet finansierar en sjukt stor del av sin verksamhet med avgifter, och jag kan tänka mig att SMHI befinner sig i en liknande situation (vilket troligen kan kontrolleras i deras årsrapport, vilket jag inte ids göra just nu), vilket gör det svårt att för dem "inifrån" motivera att strypa ett kassaflöde som är viktigt för dem. Jag anser (även om jag troligen inte ägnat ämnet tillräcklig tankemöda egentligen) att en allmännyttig myndighet bör finansieras med skattemedel och att till exempel förädling och vidarebefordran (till exempel presentation i TV) utav data skall lämnas åt kommersiella eller ideella aktörer, genom att alla medborgare ges fri tillgänglig till var myndighets data. I fallet SMHI sitter de ju redan på en massa data som de ändå redan skulle ta tagit fram och förädlat, t.ex. åt försvaret och en mängd andra myndigheter, varför man borde kunna anse att denna data faller under allmän offentlig handling enligt 3§ 2 kap. tryckfrihetsförordningen. Och så vidare.

Shameless self-promotion

Today we are opening the doors for our new web hosting service, PayPerGigabyte, which is a web host for static content aimed at high-bandwidth customers. The pricing model is inspired after the pre-paid GSM subscriptions that are very popular in Europe: no monthly fees, you just pay for the resources you use. We created this service as we have many customers running temporary banner campaigns demanding lots of bandwidth during short periods of time, and for them most regular hosting solutions tend to be rather expensive, unless they get a dedicated server which usually involves lengthy contracts with high monthly costs. To get some open source connection of this shameless plug, there is a lot of Perl scripting involved behing the scenes. :-) The website is built in JSP, with a MySQL backend. In connection to this launch, we also set up some ads using Google AdWords. It's a very interesting tool, with a simple snippet of Javascript on our "purchase complete"-webpage, we are able to track ad conversion rate from within the AdWords UI, and can see exactly what ad and search term rendered a purchase. At least that's the theory - since it was only hours since we put up the AdWords campaign, we haven't seen any actual results yet. But I think the business idea is pretty good, as it not only appeals to people with huge bandwidth demands, but also people with very small/personal web sites that uses less than 10 GB transfer per year, as they can get away with $7 per year at current rates. The downside of all this is, of course, that we don't offer any dynamic content such as CGI or JSP, as that would rise the administration burden to ensure proper performance for all customers.

Initially, we aimed at using iKobo for handling the credit cards transactions, but since they blocked my account (as mentioned in a previous post), we settled with PayPal instead. This is not so bad; PayPals APIs and integration services are a lot more advanced and their Developer Central offers a very good sandbox environment for anyone who wants to integrate their web site into PayPal functions.

If you read this and actually find our services interesting enough to sign up for an account, I am offering 50 GB data transfer free to all Advogato users purchasing at least 10 GB worth of bandwidth. :-) Just mail me your Advogato username, PayPerGigabyte account name and mention this post once your purchase is complete and I'll take care of the rest.

Governmental openness

I just noticed that Slashdot reports that the US National Oceanic and Atmospheric Administration has adopted their new information access policy. What is interesting with this is that this new policy supposedly is heavily influenced by what hundreds of Slashdotters has said, pushing them in the direction of open standards and public access.

This made me think about something that has been discussed briefly in KOM since Staffan became obsessed with laws: why doesn't the Swedish government provide, for example, our complete law texts in a vendor-neutral, machine-readable format for public download? In fact, they even go so far as to block robot access to the primary source of law texts, Rixlex, using robots.txt! (Possibly violating our "free press act" (Tryckfrihetsförordningen)? Staffan has blogged about this, too.) Swedes often talk about our open and transparent society, with rigid bureaucracy in place to ensure that all citizens have access to all public records and writings, with few exceptions. One would think that, given Swedens willingness to commit to an open government, the government should provide raw data and free access to any electronic information available. This obviously isn't done.

Now, the discussions that were in KOM was: how do we actually lobby for a change for the better in this area? Who do we talk to in order to make the government aware that standardised and free access to public records and laws would not only be "the right thing to do" in a democratic sense, it would also allow ambitious entrepreneurs to figure out new ways to publish and index that information in pursue of new businesses?

What struck me when I read the NOAA post on Slashdot was that we would need something like that to get the ball rolling - a frontpage Slashdot story might be a little overkill an issue that concerns a mere 9011273 people, but on the same time, it feels like the Swedish Slashdot equivalent Gnuheter is a forum a little too narrow to gain enough activism that can be heard. What we want in this case is to target three communities: the software people, the law people and the politically aware, all of which should be interested in a more open and information-aware society.