Go on Rupert, put up that paywall.

I’m sure I can’t be the only person who wishes that Rupert Murdoch would quit banging on and on about how he’s going to put up a paywall around his websites and block off google, and just friggen do it.

Frankly, I can’t think of a better way to bring another period of enlightenment to humanity than to have Rupert’s gaggle of conservative and sensationalist rags locked up where no-one will see them.

I can’t see how it’s going to work, though. Newspapers have never made their profits from their cover price (which pretty much only covers the cost of distribution). Instead, it’s been the advertising they carry – particularly the classifieds – that pays for the journalism (I use that word loosely here). So if Rupert is planning to recover the money lost to sites like Ebay and Seek by charging internet readers, then the price is going to have to be considerably higher than what they’re asking for the dead-tree editions right now. Is anyone really going to pay through the nose for the Herald-Sun when the ABC’s news is free online?

Redmine packages for Debian and Ubuntu

Redmine is a web-based project-management / bug-tracking tool, much like Trac, but so, so much better. Unfortunately, like so many web-based projects, there doesn’t appear to have been much thought given to installing it on live, production systems – the general idea seems to be to unpack it in a random location on your server’s filesystem and run it from there. Most sites I know would baulk at the idea of this, so I’ve created Debian and Ubuntu packages for it.

They’re a little kludgy, at this stage – it seems to me that Ruby-on-Rails goes out of its way to be difficult to Debianise – but they work, nonetheless, and make installation fairly straightforward (although there are still manual steps involved – be sure to read the README.Debian). The packages depend on Mongrel, a small Ruby webserver; I tried getting Redmine to run under Apache, but running it with CGI was far too slow, and making it work with fastcgi appeared to be an exercise in futility.

A plea to Optusnet sysadmins: Usenet

There must surely be some system administrators from Optusnet who read Planet Linux Australia. If there are, could one of you please drop a comment (anonymously, if you need to) into my weblog about your news server?

The Optusnet Usenet news server has mysteriously stopped receiving new posts a number of times this year. Every time it has gone down, it has been off the air for at least a week, sometimes two. It has now happened again.

There is rarely any acknowledgement of the problem to customers, and dealing with the Optusnet helpdesk is an exercise in futility; take for example the response given to a user on the Whirlpool forums:

“I got a reply from technical support about this. They recommend power cycling my modem.”

Those two sentences indicate to me that the person on the helpdesk probably doesn’t even know what Usenet is.

I’ve sent in a note to the helpdesk also, but from previous experiences, I know I won’t get a response for several days and I have my doubts that it will even get to the right place.

Now, I know it’s likely not to be your fault. I’ve worked for a big ISP myself, and I understand the pressures and the lack of interest that management have in Usenet and the hardware that goes with it. But I’d just love to know what is going wrong with it so often, and whether the helpdesk messages ever even make it to the sysadmin section…

How to bypass Australia’s forthcoming internet filter.

Just so that it is blindingly obvious how easy it will be to work around Australia’s impending ISP-level internet filter (which, I might add, is expanding its blacklist ever further), I thought I would sum it up in three simple steps. It’s not the cheapest way to bypass a filter – and the information below isn’t going to be new to my blog’s regular readers – but from where I stand (as someone who has access to an offshore Linux server), it certainly beats messing with Tor.

  1. Obtain an account on a Linux or similar Unix-like system in a country outside Australia, preferably one without reactionary politicians who are trying to curry favour with a conservative religious party that shares the balance of power in parliament. If you can’t get access to a server for free, then there are plenty of low-cost virtualized hosting sites such as Mythic Beasts (User Mode Linux) in the UK and Linode (Xen) in the US.
  2. Use ssh’s application-level port forwarding and log in to your new remote system. ssh will act as a SOCKS server on your local machine:
    ssh -N -D 1080 your.remote.host.co.uk

    Under Windows, you can do this with the ssh client provided in Cygwin. I would imagine that Putty provides a similar feature.

  3. Configure your web-browser to talk to the ssh socks proxy on your local machine. For Firefox users, this would mean going to Edit -> Preferences -> Advanced -> Network -> Settings, choosing “Manual Proxy Configuration” and putting localhost and 1080 in the SOCKS fields, and then selecting SOCKS version 5. You can now browse as you would normally, and all HTTP requests will be sent from the remote host, and all Australia’s internet filters will see is a stream of encrypted ssh traffic.

Of course, I am assuming that the Australian government doesn’t plan to block ssh connections out of the country. It would be almost amusing to see the smouldering ruins of Australia’s IT industry if they tried.

104000 ignorant voters

While I don’t want to divert attention from today’s thorough repudiation of eight years of neoconservative, fundamentalist Christian wingnuttery, it has to be asked: what the frell were 104000 Alaskans thinking when they voted for Senator Ted Stevens (and likely re-elected him), when he’s just been convicted of seven corruption charges? Very short memories, sheer bloody-mindedness, or – as I suspect – blatant ignorance?

Geez. And people wonder why I have so much contempt for backwards, rural communities.

I’m intrigued…

…as to just how the UK government’s Communications Data Bill is going to work, and how it might affect my own server, which is a slow little user-mode-linux installation, sitting in a London datacentre.

Are they just going to snoop all SMTP traffic, and suck the From and To headers from that? Good luck with TLS-SMTP…

Will they by requiring everyone who runs a mail-server to keep their logs for later inspection? Logs are easily faked or changed, so there wouldn’t be much point in that.

Perhaps they will only target ISPs, and ignore small-fry individuals running their own mail-server? That’s not going to achieve much; I’m sure that it is not beyond the capabilities of the average terrorist organisation to run their own mail-server.

Or maybe anyone running their own mail-server will be obligated to install a closed source mail filter that submits logs to a central server somewhere? Easily overridden, of course … and I hope they provide me a binary for my future mail-server, which I intend to be running NetBSD on an SGI Indy.

Maybe mail-servers will just be declared too dangerous for the average peasant to operate, and will be legislated out of existence, forcing everyone to sign up to a mass-mail provider somewhere (yes, I’m getting silly now, but then, so is the notion that this legislation is workable).

Whatever option they take, it strikes me as a very large invasion of privacy, which is more likely to affect the innocent than those who may be planning on committing crimes…


Well, for those looking (desperately) for any upside to the world’s current economic issues, then perhaps some might feel better knowing that Nordic holidays need no longer cost an arm and a leg:

Ouch! The BBC has what seems to be a good explanation of what is going on there, at least to someone economically illiterate like me.

Backward steps.

Myki is the Victorian government’s answer to NSW’s T-Card; an expensive white-elephant, highly likely to end up on the scrap-heap and with a cringe-inducing name that presumably marked the high-point of the career of some pony-tailed marketroid.

Myki is supposed to make the public transport user’s life easier, by being a contactless smartcard with the ability to always calculate the lowest possible fare for any given journey (I imagine whoever came up with this line was turning a blind eye to the likely cost of $15-$20 per user for the privilege of being able to hold the card itself).

Unfortunately, Myki’s mode of operation is going to make travelling quite inconvenient. If it ever passes its trial (conveniently chosen to be performed in Geelong, where they only have one bus, whose sole purpose is to transport workers between the Ford factory and anywhere-but-Geelong), travellers will not only have to validate their ticket when starting a journey, they will have to “tag off” when they complete it, or they will be charged a higher fare. Brisbane’s Go-card system (what is it with these marketing people?), which started not all that long ago, operates in a similar way and has resulted in an absolute killing for the government’s annual revenue.

Ultimately, the part that annoys me most about this is the social engineering of commuters; forcing users to adapt themselves to the system, rather than making the system fit them. If they have a ticket that is already paid for and valid for a period of time, then they just want to get on a frigging tram and sit down, preferably a long way away from the derro inhaling solvents on the back steps.

And when they get to their destination, they want to get off. Quickly, and easily, without being stuck behind the old dear who has lost her ticket somewhere in the bottom of her handbag, probably underneath that pile of used tissues that she’s pulling out right now.

Validating tickets at every turn makes that a pain. And if the government isn’t willing to put conductors back on trams, or staff back in railway stations, then no amount of money spent on technology is going to halt fare-evasion in Melbourne. Those people who don’t want to pay will continue to play gestapo-lotto with the roving thugs ticket inspectors and probably come out ahead.

Furthermore, one of my favourite bloggers, Daniel Bowen (who just happens to be the President of the Public Transport Users Association in Victoria) has noted that transitioning towards Myki is also going to herald another retrograde step. Melbourne’s weekly, monthly and yearly tickets have long had a nice lurk in that they are valid in all zones over the weekend. From January 1st, 2009, this feature will be gone.

I can’t see this doing anything to improve Melbourne’s weekend traffic congestion which, at least from my admittedly non-participatory point-of-view, appears to be worse than it is on weekdays and doesn’t even ease up in the middle of the day (at this point, insert standard complaint about soccer mums, four-wheel drives and private school Saturday sport. Make the bloody kid walk to his soccer match, Mrs Robertson-Smythe).

Lynne Kosky, expect a piece of my mind in your mailbox very soon.

Security by idiocy.

I don’t know who came up with this idea, but they’ve just wasted about six hours of my Saturday: dynamic firewalling on a VPN network. It appears to block access to tcp ports, on the fly, if there’s nothing listening at the remote end – and then leave them blocked for an extended period of time. So, what happens when you shut down a three-node Oracle cluster for some maintenance? Some users – or other automated processes – try to connect to them while they’re down, and when they come back up again, no-one can connect at all.

This is then followed by a long, frantic attempt to prove that nothing has changed on the servers between reboots, because “this was all working fine before it was rebooted and now it doesn’t work” is rather hard to argue with.

So, thanks large-telco security people. I only had four hours’ sleep last night, and today I didn’t even get to see daylight.

I only want one gxine.

gxine is my Linux media player of choice, partly because it’s nice and light, but mostly because it just works, unlike certain other players which will remain nameless. It has a nice feature that allows only one instance of it to be invoked on any one desktop, so if you play a number of files/streams from external applications, you don’t end up with multiple copies of gxine running.

Unfortunately, for the last few months, this feature has been broken in Debian (and Ubuntu too, so it seems … and now that I look at it, the problem comes from upstream). A bit of a look into the code shows that the reason for this is that at some point, gxine moved its configuration files from $HOME/.gxine/ to $HOME/.config/gxine/ – a bizarre location which just reeks of GNOME or some other overly-pedantic committee – but the server code has been left in the old location, and hence the socket for communication can’t be created.

The following (trivial) patch fixes it:

diff -urN gxine-0.5.903/src/server.c gxine-0.5.903.fixed/src/server.c
--- gxine-0.5.903/src/server.c  2008-08-08 20:29:48.000000000 +1000
+++ gxine-0.5.903.fixed/src/server.c    2008-02-12 04:18:45.000000000 +1100
@@ -40,7 +40,7 @@
 #define LOG
-#define SOCKET_FILENAME "%25s/.gxine/socket"
+#define SOCKET_FILENAME "%25s/.config/gxine/socket"
 #define BUF_SIZE        1024
 static int       gxsocket;