Blackmoor Vituperative

Michael Widenius, the original creator of the MySQL database system, announced in a blog entry on Thursday that he has left Sun Microsystems and is launching his own company. He is unsatisfied with the direction of MySQL development and believes that he will be able to make more meaningful contribution to the software from outside of the company.

[…]

It’s unclear how this move will ultimately impact the MySQL community, but it seems likely that the outcome will be positive. Widenius clearly wants MySQL to have a stronger community focus and is also still committed to making technical contributions. The departure of the project’s two cofounders in the aftermath of the acquisition doesn’t reflect particularly well on Sun, but it probably won’t have any direct impact on the company’s business interests or MySQL development efforts.

(from Unsatisfied with direction, MySQL creator leaves Sun, Ars Technica)

I happened to stumble across this article vilifying so-called Daylight Saving Time. The article itself doesn’t really say much that I have not said before, but it does have quite a few links that you may find interesting, as well as this public service announcement against the costly and absurd practice of setting clocks “forward and backward and upside down”.

As a friend whom I know by the name “Eridah” recently said (speaking on behalf of Apple), “We can’t simply use iTunes as a file manager for a device, oh no. That’s too complicated for our userbase. No we have to only allow syncing. And only with one computer. And if you plug it into another computer IT WILL DELETE YOUR SONGS.”

iTunes sucks. So, if you have an iPod (as I do), what do you use instead?

First, replace the firmware in the iPod with Rockbox. And make sure you get some fonts and themes for it.

Then, use MP3 files, the most widely supported format for digital music. Everything under the sun supports MP3. It’s not that I think MP3 is the best format for digital music (there are formats with better compression, or better music fidelity, or both). But it is widely supported, and at 192 or more kbps, I can very rarely hear any difference between the original CD and an MP3.

Finally, use MediaMonkey to organize your MP3 files.

The Laser Avenger is an infrared laser with power levels somewhere in the tens of kilowatts range mounted on a Humvee off-road vehicle. It is designed to take down the smaller variety of UAV, which are hardest for conventional air-defence weapons to target.

The power of its laser has been doubled since 2007, when it was shown off destroying a stationary improvised bomb. Now it has tracked three small UAVs – the exact model has not been given – and shot one of them down. The laser tracks an object and holds fire until the target is close enough for it to cause burning with a single blast.

(from Truck-mounted laser shoots down spy drone, New Scientist)

I got a fun email today from Comcast (my ISP), saying they are blocking port 25, the port on which SMTP sends email, as a measure to fight spam. Isn’t that a kick in the pants? Of course, the only time I send email from home is when mortshire.org sends me reports. However, that is important, so I needed to find a way for mortshire to send me email with Comcast’s blessing. Thanks to Patrick Ben Koetter and Chris Fay, I have done just that.

1. In /etc/postfix/main.cf I added or changed these lines:

myhostname = annwn.mortshire.org
mydomain = mortshire.org
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain


relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=


2. I create a file /etc/postfix/sasl_passwd with the contents:

[smtp.comcast.net]:587 userid:password


where userid and password are my comcast.net username and password.

3. Next, I changed the ownership and permissions on the sasl_passwd file to protect it from unauthorized access.

sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd


4. Finally, I created a database file from the contents of the sasl_passwd file:

sudo postmap hash:/etc/postfix/sasl_passwd


There we go: postfix now uses the Comcast mail gateway, and operates on port 587 rather than 25 (because spammers would never be able to do that, right? Yeeeeaaaahhhhhh…).

(Note: this is Postfix 2.5.5 under Fedora 10.)

Cox has announced a new “congestion management plan” that they are starting to install in certain test markets. On the face of it, I can’t really find much to complain about. They say it will only kick in when traffic is congested, and it doesn’t forge failure messages (like Comcast was doing) or drop “problem” packets, it simply lowers their priority.

Initially, all the traffic on the Cox network will be divided into two categories: time-sensitive and non-time-sensitive. When the network is congested, time-sensitive traffic – applications or uses that are naturally intolerant of delay (loading web pages, instant messages, voice calls, email and gaming) — continues as usual. During that period, less time-sensitive traffic – applications which are tolerant of some delay — such as file uploads, peer-to-peer and Usenet newsgroups – may be momentarily slowed, but only until the local congestion clears up.

Below is a break-down of the time-sensitivity of the various types of traffic that travel the Cox network. Any traffic that is not specifically classified will be treated as time-sensitive.

Time Sensitive

* Web (Web surfing, including web-based email and chat embedded in web pages)
* VoIP (Voice over IP, telephone calls made over the Internet)
* Email
* IM (Instant messages, including related voice and webcam traffic)
* Streaming (Web-based audio and video programs)
* Games (Online interactive games)
* Tunneling & Remote Connectivity (VPN-type services for telecommuting)
* Other (Any service not categorized into another area)

Non-Time Sensitive

* File Access (Bulk transfers of data such as FTP)
* Network Storage (Bulk transfers of data for storage)
* P2P (Peer to peer protocols)
* Software Updates (Managed updates such as operating system updates)
* Usenet (Newsgroup related)

(from Cable, High Speed Internet and Telephone services in Cox Communications, Cox Communications)

Apple Introduces Revolutionary New Laptop With No Keyboard

An old friend asked me if there is something he can use with his iPod instead of iTunes. Check these links out:

MediaMonkey (Standard — the Gold version costs $20)

RockBox

If you use Rockbox, be sure you get the fonts and a couple of themes.

A quick list of what books I am reading right now, or intend to read in the near future:

• Characters & Viewpoint
• Description & Setting
• Dialogue
• How to Write Science Fiction & Fantasy
• Learning Nagios 3.0
• Manuscript Makeover: Revision Techniques No Fiction Writer Can Afford to Ignore
• Plot & Structure
• Practical Subversion
• Warriors & Warlocks: A Mutants & Masterminds Sourcebook

I need to read more fiction. I will start looking at novels or short story compilations after I finish with this stack.

TechRepublic has an interesting article that gives a brief explanation of the MD5/SSL exploit that was the cause of such panic last month.

On the surface, this “event” proves that it’s possible for an attacker to insert himself into the certificate acquisition process, resulting in wrongful authentication of visited sites. However, SSL might not be in as much danger as originally reported.

Yes, there are many CAs still using MD5 for at least some certificate signing. In fact, the rogue certificate used in this exploit emulated a VeriSign RapidSSL cert. TC TrustCenter AG, RSA, and Thawte Inc. also still use the vulnerable hash function. But there are four significant mitigating factors.

1. Most enterprise-class certificates, such as VeriSign’s Extended Validation SSL Certificates use the still secure SHA-1 hash function.
2. Certificates already issued with MD5 signatures are not at risk. The exploit only affects new certificate acquisitions.
3. CAs are quickly moving to replace MD5 with SHA-1. For example, VeriSign was planning to phase out MD5 by the end of January 2009. The date was pushed up due to the December proof of concept. On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures.
4. The researchers did not release the under-the-hood specifics of how the exploit was executed.

Again, these are mitigating factors. It isn’t impossible for cybercriminals to come up with an attack on their own now that conceptual understanding of approach is public knowledge. But SSL is not broken. The only thing broken is a portion of the public key infrastructure (PKI) which underlies it, and the risk is manageable.

(from The new MD5/SSL exploit is NOT the end of civilization as we know it, TechRepublic)

I do not pretend to understand the mathematics behind much of this, but I find it all very interesting, nonetheless.