Software

I'm teaching myself the Ruby programming language this weekend. I came across a Linux Journal column that discussed learning Python using the Coconuts Problem. (It has to do with dividing a pile of coconuts among desert island castaways, and calculating the initial size of the pile. The programming challenge is to develop a brute force solution to the problem.)

I've spent the better part of the afternoon performing a BIOS update of my ASUS Pundit-R system. I finally found a procedure that works—and about ten that didn't. I'll describe how I did it, in the hope that it prevents somebody else from following my same path of agony. This procedure may be applicable to other systems, particularly those that use AMI BIOS and the AFUDOS BIOS flash update utility.

I recently released a utility called web-nsupdate that implements a lightweight dynamic DNS update service. Now that you've had a few days to download and unpack and install the package, here are some hints to help use it better: one on the server side and another on the client.

First, a hint for the server. In the installation directions (step 9) I describe how you need to modify the zone configuration to add a dynamic client. Here is a portion of the named.conf file that illustrates that change:

zone "example.com" {
	type master;
	.
	.
	.
	# add the lines below, one per host in the zone
	update-policy {
		grant web-nsupdate. name host1.example.com. A;
		grant web-nsupdate. name host2.example.com. A;
	};
};

Here is the hint: don't do it.

Earlier this year, I changed my residential broadband network gateway to a Linksys WRT54G running the OpenWrt Linux distribution. Back in July, I wrote about why dynamic DNS is useful to in this sort of environment, and my frustration that the nsupdate utility is so ill-suited to it.

The solution I described was to run nsupdate not on the WRT54G client, but on a remote server that has the MIPS and MBs to run it. I implemented a package called web-nsupdate that runs on the server and receives requests from the client to set its host address. Requests are performed as a simple web transaction.

Both non-profit and for profit organizations can benefit from open source software. Should open source advocates lump them together or treat them differently?

The question is not just academic. Yesterday, I met with some folks advocating open source software in Central Texas. Our immediate goal is to produce some event, possibly based on the Penguin Day concept. That's a type of workshop for non-profit organizations.

Now I understand why McAfee had a shrinkwrap license clause that banned people from criticizing their software. They'd be out of business if more folks knew how terrible their anti-virus software was.

I typically work on the server side of things. Recently I had to deal with setting up a Toshiba laptop with McAfee anti-virus pre-installed. It was a terrible ordeal, thanks to the McAfee software.

Today, I learned a couple of lessons in user interface design. Unfortunately, they were learned the hard way. Or, in other words, I sure fucked up that web site.

When you register for the Holidailies portal you must select a username and a password. They become your credentials to post to the portal. We normally have a few cases of forgotten logins on opening day. This year, however, we had a significant number of people—nearly 5% of the registrants—reporting login problems.

Link: Software Archive: better_spam_protect

In the Movable Type weblog system, the names of entry and comment authors often are linked to their email address. Movable Type has a spam_protect feature to protect these addresses against harvesting by spam spiders. This feature, unfortunately, is not effective.

A new plug-in called better_spam_protect provides improved spam protection. Javascript is used to produce email addresses, thus making it less prone to harvesting. Users without Javascript (and—hopefully—spam harvesters) will see the name, but not the email address.

Today, version 1.3.1 of the CATool private certificate authority and X.509 certificate management system was released. I'm the lead developer, so this has been my focus of attention as of late.

The 1.2.x series proved remarkably stable. That is, it did until DBD::mysql version 2 started getting widespread use. Even though it's been out since 2001, many Linux distributions continued shipping version 1.2 for some time after. A change in release 2.1006 (automatic reconnect was disabled) broke compatibility with a lot of perl programs that used MySQL. So, an update was needed.

While in there, I added the first significant new feature: the ability to import certificates generated by other systems. Add-on enhancements can be a test of the original design. Botches in the original design concept often show up here. If, however, the original database schema, object classes, and function libraries are well conceived, then the better the chances you can cleanly add new capabilities.

I'm pleased to say that I got it mostly right. I had to do a little backtracking and tweak a couple of database columns, but otherwise it all went in nicely.

So, if you need to setup a private certificate authority for intranet servers, client authentication, or other applications, I recommend looking into the CATool package.

I mentioned in a previous posting that I was drafted onto an SXSW panel. Here is what happened.

I ran into Hank Jones that morning. He mentioned something about dropping by his panel that afternoon. I responded, "Hrmm. Huh? Whatever. Ask me when I wake up." Remember, this is the morning that I lost my car.