MJR's slef-reflections

software Entries

I Can't Dance

Mon, 14 Apr 2008 11:00:42 +0100

My legs hurt.

It hurts to sit. It hurts to stand. It hurts to walk. $DEITY knows what it will feel like to ride my bike.

How did I do this? It wasn't some bizarre biking accident. I was laying cables under the floor between the two offices at the opposite corners of my building yesterday. I lifted three floorboards and four carpets and drilled one hole. Afterwards, I rebuilt some shelves. How did that hurt my legs???

Today is Blogger Appreciation Day [UNOFFICIAL] so I'd like to thank Steve for Chronicle which is now powering this blog instead of the old homebrew.

Meanwhile, messages that came in while I was AFK included a strange one from Paul, Steve being elected as Debian Project Leader (well done!), 'Free Software in Ethics and Practice' - Richard Stallman, Thursday 1st May, Interview: How a hacker became a freedom fighter From New Scientist Print Edition, Understanding Design & Computers: Notes from an Introduction to OpenMoko, by Ole Tange for UKUUG

Finally, in a cycling and cooperatives cross-over, this article on Hammond's crash also mentions the other two Brits, who ride for cooperative teams. I watched the race, but didn't see much of them.

1 comment.

Tags: cooperatives, cycling, debian, life, phones, software.

Talk with People who want to Discuss

Tue, 15 Apr 2008 14:58:37 +0100

I spend too much of my time trying to talk with people who don't want to discuss, yet somehow I won't stop.

I keep hoping that things like suggesting good advice on meeting scheduling will avoid them repeating old mistakes. The most extreme life-and-death example is probably trying to help with Kewstoke Toll Road, where people still speed and someone crashed off again last night (although I don't know what caused last night's crash - could have been a simple accident).

Of course, it's better to talk with people who have asked questions and want to hear the answer. I'm currently involved in several groups like that and it makes me much happier [4HWW]. I've even made a confidentiality agreement [Network Blogging article] about one group because I really like the organiser and want to help them, but I've yet to see changes happen because of it and that's probably about all I can write here, which does rather suck.

But talking of changes that make me happy, I spotted that Bristol Wireless has now gone further than TTLLP by deciding to change people away from Microsoft Windows when they find it:-

"all Windows stuff must be gone from the premises [...] no longer help do callers favours with broken Windows machines, apart from fixing them properly and permanently by installing Debian"

at their March meeting. Well done, BW!

After a request, I finally put four photos from Social Source South West (which was hosted by BW) online, which reminded me to subscribe to watfordgap's travels. Disappointingly, on my first read, it promotes the Suppliers Directory developed by Lasa. That directory is a big problem because it creates a silly barrier to entry which hinders new social enterprises and cooperatives. At a time where most non-profit software is unsustainable and needs to change, requiring three referees is a way to obstruct change. Also, persuading three people to support their work is no substitute for supplier evaluation.

Any non-profits who want to lead their sector should approach ICT suppliers directly. The article also mentions Experts Online which is even more short-sighted about computing: "both PC and Mac" indeed! What about GNU/Linux, thin clients, and other changes which are already making a big difference to some non-profits...?

But here I go again, talking to a brick wall.

I expressed these concerns when that Directory started and it didn't do any good then, so I doubt they'll change it now, near the end of its life.

So I'm going to move on. There are lots of people emailing who want to hear from me, so it's time to concentrate on talking with people who do want to listen. If you want to discuss this with me, visit my website for the comments form (click the title or look for a "view original post" link, depending what site you're reading).

4 comments.

Tags: cooperatives, debian, life, photos, software, toll road, wsm.

21 today! MJR around the web...

Thu, 17 Apr 2008 13:44:57 +0100

Be the first to comment.

Tags: cooperatives, debian, links, software, web, wsm.

Explaining web site improvements: what's important to you?

Fri, 18 Apr 2008 12:32:33 +0100

[Photo of Some Traffic]
Is this traffic or congestion?

This is one of those Friday Afternoon Projects - it's been put off all through a busy week because it's unpaid, I'm not completely sure how to approach it and now my arms hurt like hell from travel jabs which are making it hard to concentrate! So I'm going to float it on here...

I've been asked to brief a meeting next week about that group's current web site and its problems. I'm not linking it yet to avoid insulting/embarrassing them.

The site looks OK, but doesn't rank well on search engines and doesn't allow much member participation. I need to explain why that's a bad thing and how the site's technical choices have led to that. I'm not directly pitching for TTLLP to get any work (because I'm a member of that group, it might be a conflict of interest and we're pretty busy anyway - even our own site needs work on some of the points I'm going to mention), but I don't want to be unhappy if we're asked to implement my recommendations.

I've got a usual outline that I follow, but my presentation's time is limited, so I'd like to ask you: what about this is important and what isn't? If you give me useful feedback, I'll put you in the Acknowledgements with a backlink and I hope the briefing will be shared pretty widely over the next few months.

The current plan is to start with a basic explanation of how search engines rank pages, as far as we can tell, referring to PageRank Explained Correctly with Examples, by Ian Rogers as well as the shorter official summaries from the dominant search sites at Yahoo, Microsoft and Google.

Then I go through a quick evaluation of the site against the basics of validation, accessibility and robot-friendliness, followed by a couple of SEO-style checks of its current rankings and inbound links.

Next is a bit different because I have access to some of their web access stats: I summarise what we know and suggest some other stats they've probably not considered and why they're useful, along the lines of Dave Briggs's measures of blog success.

Finally, I suggest ways to improve the site. The top tip will be to take control of the site hosting and stop using the cheap and cheerful donated server that makes all links except the front page point to another domain. I'll probably suggest a mix of free and open source software tools to power it. If they don't want to move it all yet, I'll suggest running a second site for member participation, using tools like Wordpress, NoseRub and so on.

What do you think? Plan for success, am I missing some tricks, or am I setting myself up for a lynching? Let me know with a comment or email, please.

2 comments.

Tags: cooperatives, life, software, web.

Dangling the Bluetooth Dongle in front of the Penguin

Tue, 22 Apr 2008 00:43:38 +0100

[Photo of Dongle]
Tux likes this fish-like object.

I finally got bluetooth file transfer working between my phone and laptop a little while ago. It wasn't particularly hard, although there were a couple of dead ends.

The basic bluetooth layer is pretty easy. Start dbus, start hcid, start passkey-agent if you've not paired the two. It seems to be a bit simpler to start the pairing from the phone. Then use sdptool browse to check the phone is seen clearly.

After that, it got a bit complicated. obexftp worked well enough as far as it went, putting items onto the phone and getting files off the phone, but I couldn't work out how to get some items off the phone. They just didn't appear in the obexftp or obexfs listings. So I wondered if it might be easier to start the transfer from the phone.

There's an obexftpd, but I didn't figure out how to send it files. I also tried to compile opd but I think it offer patching for modern gccs. (Anyone got these working?)

What I did get to work was sobexsrv - just tell it a directory and it puts any files it's sent there. Works a treat.

One other thing that has been really useful is anyremote. It's a command server for the GNU/Linux side and a Java client for the phone. The phone mostly picks from option menus or preprogrammed keys, but editable fields are also possible. You can run any commands that the server configuration allows, including starting file transfers. I think that's possible because remote control and object transfer are on different bluetooth channels, but I don't really understand it yet.

I've improved the RSS reader to use xsltproc and added shell commands to it. Once I'm fairly sure it's reliable, I'll upload it near here.

(Posted in part due to an ALUG thread which reminded me about this forgotten draft.)

2 comments.

Tags: debian, phones, software.

UK mobile micropublishing choices?

Sat, 26 Apr 2008 01:08:35 +0100

[Photo of Phone]
My communications connection

I'm going travelling this summer. I don't know what internet connection I'll have (if any) but I'm pretty sure I'll have fairly cheap SMS access from my phone. Maybe even MMS. So, I want to use one of the mobile micropublishers to try to avoid sending international SMSes to lots of people.

Facebook doesn't look good - it gives a shortcode (which would cost me extra to use and I don't know whether it works while roaming), has no number for SMS that I found and it looks like O2 is the only UK carrier it knows - bizarre.

LiveJournal has mobile access but the FAQ makes it look like it's only for paying users. If I was sure it was going to work, I might pay and support the GPL'd codebase.

Jaiku is cost-free and gives an SMS number, but is joining the Goolag and I don't see how to download their Java applet.

Twitter is cost-free, gives an SMS number and looks like it plays nice with Jabber (which is already on my phone), so that looks good but I found some complaints about whether SMSes get through.

20six is a German-based cost-free service which takes SMS and email (which is also on my phone), so that also looks good, but there are some old doubts about whether it will stay cost-free.

Is there a service you'd recommend?

4 comments.

Tags: phones, software, web.

Computer things that puzzle me today

Sun, 27 Apr 2008 17:09:25 +0100

About gobolinux

I can suspend my laptop and it restarts happily enough in X, but playing video results in a strange green square. I've found that starting and killing another X server (like X :1, wait for the grey mesh and then zap it) fixes the problem and I can switch back to my original :0 X and play video again. I wonder if these notes on X suspend and video BIOS by Matthew Garrett explain it.

About debian

Why on earth did someone change the .changes format so swiftly and why does a change that breaks a common upload process (build in a VM, sign on a stable system) only warrant a -devel-announce paragraph under the headline Misc Development News (#6)? "Small news" - my foot!

4 comments.

Tags: debian, gobolinux, software.

Updated GnuPG Key Expiry

Mon, 28 Apr 2008 12:42:37 +0100

I'm still alive, so it's past time to update the signature on my gpg key into next year. The key phrase in the handbook is:

"The expiration time is updated by deleting the old self-signature and adding a new self-signature."

but somehow I always have to look it up, so I thought I'd make a note of it here.

It looks like debian-keyring should update now I did --send-key to it, but I guess I'll find out in a few weeks.
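As an added example (not from the original post), a shell sketch of the check and the update: `expiring_keys` reads `gpg --with-colons --list-keys` output and lists primary keys whose expiry falls inside a warning window, and `extend_expiry` wraps `gpg --quick-set-expire` (GnuPG 2.1.22 or later) followed by `--send-keys`. The function names, the sample listing and its fingerprints are constructed, and the parser assumes expiry is printed as seconds since the epoch.

```shell
#!/bin/sh
# Added example; function names and the sample listing are constructed.

# Constructed fingerprints (not real keys).
FPR_A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FPR_B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
FPR_C=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
FPR_D=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

# Constructed stand-in for `gpg --with-colons --list-keys` output.
# Field 7 of a "pub" record is the expiry; an empty field means "never".
sample_listing() {
    cat <<EOF
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1700864000::u:::scESC:
fpr:::::::::$FPR_A:
uid:u::::1600000000::::Constructed Key A <a@example.invalid>:
sub:u:4096:1:1111111111111111:1600000000:1700864000:::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:u:4096:1:BBBBBBBBBBBBBBBB:1600000000:::u:::scESC:
fpr:::::::::$FPR_B:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1600000000:1734560000::u:::scESC:
fpr:::::::::$FPR_C:
pub:e:4096:1:DDDDDDDDDDDDDDDD:1600000000:1699568000::u:::sc:
fpr:::::::::$FPR_D:
EOF
}

# expiring_keys NOW_EPOCH WINDOW_DAYS
# Reads a colon listing on stdin and prints "<fingerprint> <days-left>" for
# every primary key that expires before NOW + WINDOW. Keys that have already
# expired are reported with a negative number of days.
expiring_keys() {
    awk -F: -v now="$1" -v window="$2" '
        $1 == "pub" { expiry = $7; want_fpr = 1; next }
        # Only the first "fpr" record after "pub" is the primary key;
        # later ones belong to subkeys, which carry their own expiry.
        $1 == "fpr" && want_fpr {
            want_fpr = 0
            if (expiry ~ /^[0-9]+$/ && expiry + 0 < now + window * 86400)
                printf "%s %d\n", $10, (expiry - now) / 86400
        }
    '
}

# extend_expiry FINGERPRINT PERIOD    (PERIOD such as 1y)
# Sets a new expiry on the primary key, then publishes the updated public
# key with --send-keys. Needs the secret key in the local keyring; the
# interactive equivalent is the "expire" command inside `gpg --edit-key`.
extend_expiry() {
    gpg --quick-set-expire "$1" "$2" &&
    gpg --send-keys "$1"
}

# Demo on the constructed listing. Against a real keyring:
#   gpg --with-colons --list-keys | expiring_keys "$(date +%s)" 30
sample_listing | expiring_keys 1700000000 30
```

Run from cron, the check gives a few weeks' notice instead of relying on memory; `extend_expiry` is not called by the demo.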

Be the first to comment.

Tags: debian, life, software, web.

Posting Ahead

Thu, 15 May 2008 09:52:52 +0100

I'm convinced by The Argument for Posting Ahead [Network Blogging] so why didn't I set it up for my recent trip?

Well, a while ago, I had a bit of an email discussion with Steve about delayed posting features for Chronicle which I think ended with the addition of chronicle-spooler to the released files. I initially suggested ignoring a post when its Date is in the future, like Wordpress does, but I think that wouldn't be backwards-compatible and isn't as flexible as it could be.

chronicle-spooler works by moving files from a spool dir into a live dir. I'd forgotten how much it confuses me when files on a "static" site start moving themselves around. It means I have to merge before upload, which isn't a big change, but still annoying.

So, I've added the following lines to chronicle to skip entries with a Publish header in the future:-

--- chronicle-2.7/bin/chronicle.orig	2008-05-15 10:13:55.000000000 +0100
+++ chronicle-2.7/bin/chronicle	2008-05-15 10:13:43.000000000 +0100
@@ -607,7 +607,8 @@
         #  Read the entry and store all the data away as a
         # hash element keyed upon the (unique) filename.
         #
-        $results{ $file } = readBlogEntry($file);
+        my $result =  readBlogEntry($file);
+        if ($result) { $results{ $file } = $result; }
     }
 
     #
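Review bot: the comment block above the changed lines still says every entry is read and stored, but with `if ($result)` any entry for which readBlogEntry returns a false value is now silently left out of %results. Update the comment to say so, and consider printing the skipped filename so an embargoed post is not mistaken for a lost one. The double space in `my $result =  readBlogEntry($file);` is stray.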
@@ -1479,7 +1480,7 @@
     my $tags    = "";    # entry tags.
     my $body    = "";    # entry body.
     my $date    = "";    # entry date
-    my $publish = "";    # entry publish date - *ignored*

+    my $publish = "";    # entry publish date
 
     open( ENTRY, "<", $filename ) or die "Failed to read $filename $!";
     while ( my $line = <ENTRY> )
@@ -1527,6 +1528,14 @@
     }
     close(ENTRY);
 
+    # MJR - embargo stuff until its publish date.
+    # Steve recommends using chronicle-spooler,
+    # but I want uploaded files to stay where I put them,
+    # else I get my local copy confused.
+    if (($publish ne "") && (str2time($publish) > time())) {
+    	return 0;
+    }
+
     #
     #  Determine the input format to use.
     #
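Review bot: in the new embargo check, `str2time($publish)` returns undef when the Publish header cannot be parsed, and `undef > time()` is false, so an entry with a mistyped date is published immediately instead of being held back. For an embargo it is safer to fail closed: when the header is non-empty and does not parse, keep the entry out or die with the filename. The hunk does not show where str2time is imported (it comes from Date::Parse), so check that the script already loads it. The `return 0;` line is indented with a tab where the surrounding code uses spaces.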

I think that's compatible with chronicle-spooler, too...

Be the first to comment.

Tags: life, software, web.

No Battles - Just Stand Firm On Best Practice

Fri, 16 May 2008 08:52:52 +0100

"Here are three examples of rules that I think it's time to abandon. These particular examples are all about email.

1/ Top Posting [...]

2/ HTML Email [...]

3/ Reply-To On Mailing Lists [...]

So, yes, the barbarians are at the gate. The lunatics have taken over the asylum. Good ideas have been crushed by the number of people who don't understand them. But there's no point in complaining about it. You just have to accept it and move on."

-- Pointless Battles For Geeks, By Dave Cross

Unsurprisingly, given the above links to my site, I disagree with Dave Cross's conclusion, but I do agree with two aspects: battling is generally pointless and using hard rules about these things is unnecessary.

I have those pages on my website so that I can point to them when their broken emails aren't handled as expected. I use some aspects of them as scoring inputs in my mail filters. I don't use them as rules and I try not to complain about them too often.

Nevertheless, I still believe sending properly-trimmed plain text emails from a list-friendly email client is clearly best practice, to be recommended when someone asks why their email bad habits are causing them problems.

4 comments.

Tags: life, software, web.

BBC TV: Click: Free=beer and facebook-flaming

Fri, 16 May 2008 17:15:36 +0100

Free software finally gets significant coverage on BBC TV's Click show this week, but I think it's very much Linux rather than GNU/Linux and free cost rather than freedom. They mentioned free security software and even raised the possibility of trojans, but didn't mention how free (as in freedom) software allows any random end-user to check or have it checked.

Quite a missed opportunity! However, Click has a regular letters section, so watch it (times below), email click@bbc.co.uk and see if we can get the free software view across.

The letters section this week seemed to be flaming proprietary SaaS social network site facebook for their pathetic default-permit approach to security of user details. I really think there's a role for something like noserub in free software social networking.

Click-UK is shown on BBC News Channel Saturday 1130, Sunday 0430 and 1130, Monday 0030 and Sunday 0430 on BBC-1 (times BST)

Click-World is shown Thursday 19:30 GMT, Repeated Friday 09:30 and 12:30 (Asia Pacific only), Saturdays 06:30, Mondays 15:30, Tuesdays 01:30 (not Asia Pacific, Middle East or South Asia) and 07:30 GMT

Anyone else see this?

1 comment.

Tags: life, satellite, software, web.

Met Calyx about Koha

Tue, 20 May 2008 12:22:23 +0100

I met Irma and Bob from Calyx yesterday. They're fellow Koha service providers from Sydney, Australia who are over in Europe visiting various people.

It was nice to see them (first time I've met Bob) and have a bit of a chat about where we're each going with Koha. One interesting difference is that they have several private-sector clients, while I don't think my cooperative has yet done a private-sector Koha, but there seemed to be more similarities than differences, including adding more robust project management and ticketing as we deliver Koha 3 to people.

We went for lunch at The Cliffs Tea Rooms at the other end of Kewstoke Toll Road, which has great views towards Wales, but I forgot to take any pictures. Ooops.

Be the first to comment.

Tags: cooperatives, koha, life, software, wsm.

Updating the Accounts

Thu, 22 May 2008 08:52:23 +0100

I finally closed my cooperative's annual accounts for the year to 5 April 2008 yesterday. We wrote off one project (not bad for a year) and now we can start on the annual reports. For day-to-day entries, we're still using my simple scheme/web app called SQL-Journal and I should make a new release real soon now. I've added some features since 1.3 and there's a few more I want to add, but I'm no accountant, so it will remain simple and stupid, but good enough for me.

Bristol Wireless's accountant has written some comments on GNUcash which is an interesting view: "not quite there yet" which could help finance software developers.

Better searching is one thing I will add to SQL-Journal some time, but it will probably never have features like reporting (I either use an SQL-based report package or export to a spreadsheet) and I know it's no better at handling VAT, mainly because TTLLP isn't VAT-registered yet.

I also spotted Finance software in Emdebian, by Neil Williams recently. I wonder if the bursts of accounting interest are connected to the end of the financial year?

4 comments.

Tags: cooperatives, software, web.

Bristol and Bath Perl Mongers

Tue, 27 May 2008 08:55:01 +0100

The first meeting of the new Bristol and Bath Perl M[ou]ngers is tonight (Tue 27th) at 7pm, according to this mailing list post.

Despite their rules, I've already been well-flamed by one member, so it will be interesting to see what sort of group it becomes. Hopefully the flamers are nicer in real life.

Be the first to comment.

Tags: koha, life, software.

Quick Question: opticaljungle.com = publicdomainregistry.com?

Wed, 28 May 2008 12:21:26 +0100

Are opticaljungle.com and publicdomainregistry.com the same people?

Their addresses look identical but their phone numbers are different. Both appear to have some connections to directi.com. Is there any way to check if they are the same people?

I don't know how to verify US companies when they appear not to want to be verified... Domain Detectives thinks they're both directi

Be the first to comment.

Tags: cooperatives, life, software, web.

Getting Linux InfraRed Beaming to a Palm III with a Belkin USB Device

Thu, 29 May 2008 08:55:01 +0100

I lent someone my old Palm IIIe as a data entry device for an exhibition this week. I don't use it much since I got a Samsung K608i last year. They weren't comfortable with using their smart phone as a data entry device. I can understand that: I'm still pretty slow at phone-typing and it corrupted data when its memory filled recently.

The batteries had been removed from the Palm to avoid them leaking, so it needed reloading with useful Palm free software for data entry. The first problem was that I decommissioned bouncing a while ago and that was the last machine to sync with the Palm. I wasn't keen to pull it out of the store cupboard and connect all the wires, but my current desktop machine nail doesn't have a 9-pin serial port for the cradle and that's the only connector on the Palm.

Actually, it's not the only connector: the Palm has an InfraRed emitter and I have a Belkin F5U230 USB-IrDA dongle thing. I don't use it that often, but it worked enough to connect nail to the internet through my old mobile phone. That was a while ago and I forgot the specifics, but eventually I noticed the key phrase in the irattach man page:-

"Note that there is another USB driver for those devices called ir-usb which is NOT compatible with the IrDA stack and conflicts with irda-usb. Because it always loads first, you have to remove ir-usb completely."

Sure enough, I checked the lsmod output and found ir-usb there, screwing stuff up. A few modprobe -r commands, then I simply ran

"irattach irda-usb"

and saw the irda0 network device appear.

Still one thing to do: beam the actual applications. This was pretty easy because I remembered reading that obexftp defaulted to IRDA sending when I was getting bluetooth working. All I had to do was enter a command like

"obexftp --irda --put db.prc"

and the Palm asked if I wanted to accept it! Yes!

First test with obexftpd for receiving files wasn't encouraging, though, and I can't see how to use sobexsrv for this: I'll probably write next week whether we get any data off the Palm! The Palm IIIe is too old to hotsync over infra-red, as far as I can tell. I've got a roundabout route through the K608i but it doesn't seem to be very reliable. Anyone got any expert tips?

2 comments.

Tags: gobolinux, hardware, life, phones, software.

Told You So: Exhibitions and Spammer Registrars

Fri, 30 May 2008 08:54:13 +0100

I used to help staff more exhibition stands than I do now. Part of the reason I stopped was that few free software people seem to appreciate the basics of running a good exhibition stand and I got bored of arguing that we should give people space, avoid putting a counter across the stand, keep notes of contacts made and basic stuff like that.

So, it was good to read Connecting People: Making an exhibition of yourself - the exhibitor and the linked Business Startup Coach shares Exhibition & Trade show secrets which repeat many points I've made before. Don't want to listen to me? Listen to the marketing experts.

Some time after noticing WDPRS, I tried reporting as much spam as possible for a while, to hosters and registrars based on WHOIS details.

Some hosts and registrars were good at dealing with spam (Yahoo and walla.net.il were exceptionally good), many were bad (bresnan.net, registrationtek.com, publicdomainregistry.com (PDR), ait.com, omantel.co.om, ttnet.net.tr) and some were ugly (Tucows/OpenSRS wrote back to say they don't do anything about domains they register, while ENom and Moniker never sent human answers).

So it's no surprise to see ENom, Moniker, PDR and AIT on the list of

"Top Ten Worst Spam Registrars Notified By ICANN" ultimately taken from this report.

Be the first to comment.

Tags: cooperatives, life, software, web.

Hosting Blogs on Multiple Servers

Wed, 04 Jun 2008 15:09:03 +0100

[Mast]
(Is this a network?)

Terry Lane asked:

"Do you know of any reason why someone would suggest we consider placing blogs on more than one server? I think his main concern would be related to SEO and - I'm assuming here - Google."

There are some small reasons, mainly about various sorts of reliability: what if the server catches fire, what if someone filters out adverts from the server, what if the server gets labelled as a spammer or splogger, and so on... but I believe they're outweighed by ease of management and having all your site on one server.

If the search engines label your IP address as a spammer, you can get another IP address as a short-term fix, but in general, the search engines are always a major threat to a blog-based business. If they label one server as a spammer, I think it would take the guys at google or whatever about 0.1 seconds to spot the link to another server. The best tactic is to avoid looking like a spam source in the first place...

I guess if you're hosting several blogs on shared servers, like I do, splitting your blogs across several servers is a good idea for those reasons, which is part of why I do it... In any case, make sure you download backups in case your hosting goes like this:- The Planet (EV1) Data Center Catches Fire - 9000 Servers Offline

If a blog becomes really popular, the usual tactics of mirroring and distributed load-balanced hosting can be used, but I don't think that was the question here. Even after all those, I can't think of any real killer reasons to split a blog across multiple servers if you're on your own dedicated server already. Have I missed a reason?

Be the first to comment.

Tags: cooperatives, software, web.

Bridgwater College Computing Advisory Panel

Sat, 7 June 2008 08:52:34 +0100

Probably due to some mistake or just an excess of randomness in the world, our webmaster cooperative has been invited to Bridgwater College's Computing Advisory Panel meeting next week and it looks like I'm going.

The interesting agenda items are:-

5. Current Curriculum offer

6. Computing and ICT Sector Developments - Education and Training - ICT Diplomas - Distance Learning - Specialist training / apprenticeships

7. Meeting Employer Needs

I've asked some nearby cooperatives and social enterprises for comments and I'll probably highlight things like Linux opens London's Oyster and Specsavers sees clear benefits in open source when arguing for more free software use and emphasising "worker needs" rather than "employer needs", but please send me any other suggestions in a comment on this blog post or an email.

Be the first to comment.

Tags: cooperatives, life, software, web, wsm.

Fixing things the wrong way

Mon, 09 Jun 2008 13:14:56 +0100

For some reason (maybe related to upgrading openssl recently), my Jabber client became unstable. Instead of fixing it the right way, I simply upgraded to Emacs 22.2 (which also got me the emacsclient --eval option mentioned on this blog previously). It still wouldn't make SSL connections at first, but a quick application of [jabber.el] Anybody using emacs-jabber with Emacs 22.2? fixed it.

That's the wrong way to fix that bug, but it's not quite as wrong as misusing computers to try to fix copyright infringement. MediaDefender denial-of-service attacked a TV production company, as described in Inside the Attack that Crippled Revision3 on May 29th, 2008 at 07:49 am by Jim Louderback in Polemics MediaDefender or MediaDestroyer?

That's the wrong way to fix that bug, but it's not quite as wrong as making treaties mostly in secret, under NDAs to try to evade local copyright law-makers. The US government, the European Commission, Japan, Switzerland, Australia and a handful of other countries are meeting in a secret negotiation on a new treaty

"that undermines civil rights and privacy, and which many say will change the substantive rights the public has to use copyrighted works or inventions."

Read more at Act On ACTA and then contact your law-making representatives.

Be the first to comment.

Tags: life, software, web.

Online shopping

Tue, 10 Jun 2008 11:48:38 +0100

I maintain a number of web shops for our webmaster cooperative and one of our main challenges is to encourage people who put things into their basket/cart to actually buy them.

How to avoid shopping cart abandonment by Graham Jones makes some points that I've identified as possible reasons for people not buying in the past: comparisons, robots and not trusting the site enough to give payment details. There's not much we can do about robots or people comparison-shopping at a technical level, but we try to build some trust by publishing the shop owner's geographic address and telephone number (which I think is required by law in England for most web shops now), making sure the SSL certificate and domain registration details are correct, using reputable payment providers and being clear about delivery charges and terms.

The point about the slickness of the checkout process is a good one and one that we've only recently started to work on. We've had pretty good results from making the checkout slicker on one site. It looks like two-thirds of people who click the checkout button now continue to buy, putting it comfortably ahead of current UK averages but I need to tweak our stats calculator to make the report directly comparable. Nevertheless, I think those improvements will be added to our other shops as soon as possible.

I share Graham's low opinion of the oft-quoted Amazon. We've also been looking at other web shop software besides OSCommerce for a new project, so now would be a good time to change to something new if it improves the checkout a lot. We've made OSCommerce's checkout a lot smoother, but it's still essentially OSC. Is there a good checkout which you'd want to use as an example?

The other challenge is getting visitors onto the site in the first place. How To Build Links By Patrick Altoft explains the basics as well as I've seen recently.

1 comment.

Tags: cooperatives, software, statistics, web.

Warning for Webmasters: Friday 13th ahoy!

Thu, 12 Jun 2008 16:18:11 +0100

Personally, I like Friday 13th. It's usually been pretty good for me. But for this one, I won't be surprised if computer abusers are planning some big attack tomorrow.

I've just spent a big chunk of my day upgrading and securing some of the websites that our free software cooperative supports for a customer. The number of attacks in the access logs is surprising - and I've been fixing other people's cracked servers for over a decade. It makes me wonder if someone is finding and recruiting exploitable systems for tomorrow.

If you have a website, please check that any web applications on it are installed correctly and are the latest secure versions. I've been seeing a lot of attack attempts for Joomla and WordPress in particular, even on sites which don't run them. That says something bad about either the success rate of attacks for them, or the stupidity of their attackers.
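One way to do that access-log check, as an added example that is not from the original post: `cms_probes` reads Apache/nginx "combined" format lines and counts, per client and application, requests for WordPress or Joomla paths, split into those that got a 404 and those that got any other status. The function names, the short path list and the sample log lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, path patterns and sample lines are constructed.

# Constructed access-log lines in "combined" format.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [12/Jun/2008:10:00:01 +0100] "GET /wp-login.php HTTP/1.1" 404 209 "-" "constructed-agent"
192.0.2.10 - - [12/Jun/2008:10:00:02 +0100] "GET /blog/wp-admin/ HTTP/1.1" 404 209 "-" "constructed-agent"
192.0.2.10 - - [12/Jun/2008:10:00:03 +0100] "GET /index.php?option=com_content HTTP/1.1" 404 209 "-" "constructed-agent"
198.51.100.7 - - [12/Jun/2008:10:05:00 +0100] "GET /administrator/index.php HTTP/1.1" 200 5120 "-" "constructed-agent"
198.51.100.7 - - [12/Jun/2008:10:05:04 +0100] "POST /administrator/index.php HTTP/1.1" 200 5120 "-" "constructed-agent"
203.0.113.5 - - [12/Jun/2008:10:06:00 +0100] "GET /products/list.html HTTP/1.1" 200 1024 "-" "constructed-agent"
203.0.113.5 - - [12/Jun/2008:10:06:09 +0100] "-" 408 0 "-" "-"
EOF
}

# cms_probes: reads log lines on stdin and prints, sorted,
#   <client> <application> <hits-with-other-status> <hits-with-404>
# A client with only 404s is probing for software the site does not have.
# Hits with another status mean something answers at that path: either the
# application really is installed (check it is current) or it should not be.
cms_probes() {
    awk '
        # Skip lines with a malformed request field, so a shifted column
        # is never mistaken for the status code.
        $6 !~ /^"[A-Z]+$/ || $9 !~ /^[0-9][0-9][0-9]$/ { next }
        {
            path = tolower($7)
            app = ""
            if (path ~ /\/wp-(login\.php|admin|content|includes)/)
                app = "wordpress"
            else if (path ~ /\/administrator\/|[?&]option=com_/)
                app = "joomla"
            if (app == "") next

            key = $1 " " app
            seen[key] = 1
            if ($9 == 404) missed[key]++
            else           other[key]++
        }
        END {
            for (k in seen) printf "%s %d %d\n", k, other[k], missed[k]
        }
    ' | LC_ALL=C sort
}

# Demo on the constructed lines. Against a real log:
#   cms_probes < /path/to/access.log
sample_log | cms_probes
```

In the sample, 192.0.2.10 is probing for software that is not installed, while 198.51.100.7 is reaching a live Joomla administrator page, which is the line to follow up first.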

In our case today, the damage seems to have been minimal (touch wood!), with the customer merely being banned from some networks for a while. It could be so much worse, like this BBC News report about Cotton Traders Card details stolen in web hack (which is part of why I suggest small online shops avoid storing credit card details on their site - leave it to the payment gateway).

Finally, there are some new scams like Conmen abuse web address checks on the horizon for online shops, so make sure you've got your 3D-Secure rules set correctly by now and be cautious about sending goods before you're sure you've got the money. I think all web card payment systems are a risk, so please try to limit your risk.

Update: If you do get attacked, try to help track the attackers down so we can get other results like the Jail sentence for botnet creator. I wish our governments would concentrate on toughening up blatant computer misuse law and stop tightening copyright law in secret.

Be the first to comment.

Tags: cooperatives, life, software, web.

7 Reasons Why Firefox 3 Download Day Sucks

Wed, 18 Jun 2008 14:06:57 +0100

Download Day 2008

  1. It's everywhere on TV and in print, even in Esperanto, which doesn't even have an official translation - only a third-party add-on Esperanto language pack.
  2. It was late even for the US and after most of Europe finished work AFAIK.
  3. There's no official bittorrent.
  4. There's no link to the source code from the main download page as far as I can tell. It may be mostly free software, but it feels like MozCorp don't want pesky users changing things.
  5. It brings more changes for webmasters (which is another reason I code to standards whenever possible, but I bet some of the free software web applications we use will need upgrades).
  6. It might be the "most stupid world record ever" (or at least useless) and comes just as some browsers move away from the Gecko engine.
  7. ...and all this irritation came before I've even built and installed the damn thing!

Seriously: the browser looks like a big improvement from Firefox 2, but there are so many niggles with this download day idea...

10 comments.

Tags: cooperatives, software, spi, web.

Firefox 3, day 3: first impressions

Fri, 20 Jun 2008 14:24:30 +0100

Previously, I wrote:

Seriously: the browser looks like a big improvement from Firefox 2, but there are so many niggles with this download day idea...

In reply to Open Sesame » Did you download Firefox 3?, I answer "Yes". It was a major upgrade for me, requiring new versions of Cairo and GTK+2, and installation of DBus-GLib on my GoboLinux computer, which brought in new versions of Xorg and so required a recompile of my GNUstep desktop applications.

Once that was done, Firefox compiled unattended. As noted by Adam Sampson in the comments on my last post, even after building from source, you still get all the obnoxious click-through EULA and when you type about:config into the address bar, you get a "no user-serviceable parts" sort of notice, which really sucks. I notice that MozCorp don't call it "100% Open Source", preferring instead Firefox: 100% Organic Software (because we need another marketing campaign for free software, right?), so I expect I need to winkle out the restrictively-licensed parts again - GNUzilla, there's still demand for your good work!

After day 3 with Firefox 3, what do I think of it? Well, it seems a lot faster and a lot less RAM-hungry, and I'm quite impressed that all of the fancier bits of Koha and WordPress seem to be working nicely, but while I'm not annoyed enough to switch browsers yet (unlike FF3 and Safari - DrBacchus' Journal), there are still a hell of a lot of niggles and interface bugs. Some of the problems may have been introduced in Firefox 2, but I didn't actually use that enough to notice. My day-to-day browsing for the last year or so has been on a customised Firefox 1.5.

The FF3 user interface has some big steps backwards from FF1.5: in particular, I've lost the "force pages that try to open new windows into the same window" option (or whatever it was called... I can't find the FF1.5 manual online anymore); some keyboard shortcuts have changed - for no good reason that I can see (JavaScript has switched from Alt-E n Alt-S to Alt-E n Alt-J, for example); what on earth is the history drop down doing next to the "Go Forward" arrow?; and the button to close a tab is on each tab, so I need to be careful to miss it when trying to switch to a tab and my pointer makes a pointless detour to the top-right when I want to close a tab.

It's not all bad on the interface. The new RSS feed and bookmark links in the location bar are much better than in previous versions. The bookmark tagging and auto-generated folders could be a great idea once I've used it for a while.

I'm pretty annoyed that Firefox 3 seems to come with some spyware enabled as default. I usually have cookies either switched off or set to "ask me every time" so I was surprised to be offered a cookie from safebrowsing.google.com! I know it's for a noble goal, but what's this doing enabled without asking first? Untick the "tell me if the site I'm visiting is ..." options in Edit: Preferences: Security if you don't want details of your browsing to be sent to the USA. Another thing which really annoys me is that the Firefox support site requires JavaScript and seems unhappy with my cookie settings. Not cool.

Other than that, the main problems with Firefox 3 are omissions rather than bugs. For example, Microformats [Alex Faaborg] support was one of the long-trumpeted new features in Firefox 3, but they're really not obviously included, as noted by others in posts like Firefox 3 is here - where's the microformats?

And finally, searching mozilla.com for firefox returns 0 hits, which is a bit strange... are they ashamed of it?

8 comments.

Tags: cooperatives, koha, software, spi, web.

Firefox 3, day 6: security flaw and banks

Mon, 23 Jun 2008 11:23:01 +0100

I didn't spot this when I wrote my last post, but it seems there's a security alert for FF3 already - hackademix.net: Firefox 3 Untimely Security Advisory - but it also affects FF2 and probably my cautious JavaScript settings are enough to stop it anyway, looking at that report.

I've also been sent another update to the page on Online Banking with GNU/Linux, Firefox-based browsers or Free Software (first direct plus using ActiveX) - I wonder if any bankers will be noticeably slow to allow FF3 and will any of them cite this security flaw? I hope not - UK online banking security is hardly in a good place to throw stones.

I was mildly surprised that the list was linked from Ashley Highfield's BBC blog on Testing Linux Ubuntu but I've no idea why he doubts the list's accuracy! It's as accurate as its contributors - most of whom I name - and I'm willing to put my name to it too. That's better than Wikipedia, which the BBC uses far too much IMO. Would he trust the list more if it was anonymously-edited on a public site? Anyway, I guess I should move that list to a more permanent location soon.

Previous FF3 parts: Firefox 3, day 3: first impressions and 7 Reasons Why Firefox 3 Download Day Sucks

Be the first to comment.

Tags: banking, software, web.

Firefox 3, day 10: security flaw 2, more banks, looking for a new browser

Fri, 27 Jun 2008 20:45:44 +0100

Well, I was hoping to get Yet Another Blog Reorg done before posting this, but it just hasn't happened, so here are a few more thoughts on Firefox 3 on this ol' blog. In fact, I'll probably finish the FF3 series here before I switch over.

I was in central London on Tuesday and suffered both the rudeness and the black snot (which no-one else I know seems to suffer) so maybe that's why I've been underachieving this week. I've had London lethargy.

I had a report about online banking that doesn't work with FF3. NPBS will move into the hall of shame, sadly. I'm almost certain I warned them months ago that their online banking was doing JavaScript stunts that aren't going to work forever. I emailed them and haven't heard back since.

Back to the browser: I share the contempt for the Firefox 3 and SSL problems and I like the new URL bar too. However, I am finding that FF3 seems to use more CPU (and so power) than FF1.5 and there seem to be some frustrating delays in FF-clipboard communications, so I'm looking at other browsers. Conkeror looks interesting. Still Gecko (useful for work) but stripped down.

I spotted another post about microformats, which I mentioned in my last post, about the BBC dropping support for microformats [John Resig] and I also noticed just how good SVG and Minimalist Markup looks in FF3 [Sam Ruby] - I'd love to try it, but my IE-using clients probably wouldn't understand and I hate making single-browser special editions.

2 comments.

Tags: banking, life, software, web.

End of LugRadio!

Thu, 03 Jul 2008 12:57:21 +0100

Just read on Farewell LUGRadio? [theangryangel] and Ashes to ashes, dust to dust... Lugradio is at an end [sungate] that the most famous UK Free Software podcast is ending at the end of this year. I don't know the reasons yet, but it seems a shame.

I've been listening again since they proved me wrong and sorted out the dumb licensing terms so it's clearly legal to cut the shows up and only copy the bits that interest me, and Season 5 seems more interesting than previous ones. Then again, I enjoyed Red Dwarf VIII, so what do I know? (but VI and VII did drag a lot)

Maybe I will go to Lugradio Live 2008 in Wolverhampton on 19-20 July now I know when it is! (Why is the date only as a large slow graphic on the event page? D'oh! (Yeah I know I should have emailed them, but I had an unfun experience with the show, so I'd rather shout this in public. Wow. I guess I'm still unhappy about them regressing to school playground name-calling.))

There are some suggested alternatives on theangryangel, but most are more Ubuntu-centric (which wasn't a good thing about LR), non-Ogg and/or non-European, so it looks like I'll give LinuxOutlaws a try. Any other recommendations?

1 comment.

Tags: software, web.

End of this blog!

Mon, 14 Jul 2008 11:02:09 +0100

This blog has moved on to software cooperative news - please click through to continue reading.

Be the first to comment.

Tags: life, software, web.


This is copyright 2008 MJ Ray. See fuller notice on front page.