Older blog entries for mjcox (starting at number 97)

<mjcox> sessions by cox
<faqtoid> Found 1 session (for event '2003/US'):
<faqtoid> TU13, "Apache Security Secrets Revealed" (Mark Cox), 14:30 Tue

So it looks like I'll be out in Vegas for ApacheCon 2003!

A couple of months ago I was playing with bluetooth - it actually was pretty easy to add a new accessory menu and a perl state engine to allow me to do cool things like dim the lights and get the temperatures and send short messages to the tv via tivo. I kind of lost interest in it and so whilst it works perfectly it doesn't detect you arriving or leaving with the phone, and leaving bluetooth on all the time tends to drain the battery. A few folks asked me how I got bluetooth working with Red Hat Linux 9 (the answer is to cheat and use the bluez packages out of rawhide).

Also this month I got elected to the board of directors of the Apache Software Foundation. Actually I had no intention of standing, but got nominated and seconded before I realised so decided I had nothing to lose and wrote up a manifesto. The new ASF transferable voting system that not everyone understood, and my surname being close to the start of the alphabet may have helped skew the votes - but nonetheless I was voted in and intend to make the most of it to advance the goals of the foundation.

Our new bathroom finally got installed and I couldn't resist adding in extra cables in the new ducts between rooms - so now behind a panel in the bathroom we have various cables and power - quite fancy doing some network streamed audio in there and putting some marine speakers in the ceiling, low quality but the noise of the whirlpool and extractor fan will drown out the imperfections anyway.

Preparing for LinuxWorld - it will be good to be in San Francisco again after so many years away.

This month I decided to play with bluetooth for fun. I bought one of the MCI class-1 USB bluetooth dongles and spent a little time getting the bluetooth utilities supplied with Red Hat Linux 9 working. It certainly has potential, using AT commands I can remotely create menus on my phone, capture key presses, capture and send sms, monitor call progress and much more.

So the plan is that when I enter the house I'll get a new menu on my phone letting me control the lights and stuff, with incoming calls and SMS displayed on the tv/mp3 player and so on. I couldn't find anyone who has interfaced a jabber client to a t68i so I'll have to write that bit first. The other problem is that the bluetooth stuff works fine when it works, but take the phone out of range and nothing notices - so it'll need a bit more effort to get it reliably detecting phones coming into and out of range.... anyway it'll be a fun month.

My paper on "Security Response and Vendor Accountability for Open Source Software" was accepted for Linux World 2003 in San Francisco and I'm giving a similar talk at Linux for Business in London on the 10th June. The role of the open source vendor is often neglected when folks talk about the security of open source software.

House modifications are coming along well, with updates to the Home Automation security software (a few surprises for any intruder), and some large black marble balls on a rockery out the front. Tracy has been spending a few days pressure-washing the driveway which is fun apart from the occasional lump of sand that gets blasted at random parts of your body. Sand in your nose is quite annoying.

Had an interesting week wading through vulnerability details and the various advisories which never really seem to match the facts. Take one Linux vendor for example who got confused about the Oracle mod_dav vulnerability and, even though they were not affected by the vulnerability, released new Apache mod_dav packages. To add to the confusion their newly released errata packages had actually added a patch which added in the vulnerability. So they started out not vulnerable, but then released a patch which was meant to remove the vulnerability but actually really made them vulnerable. No wonder folks are confused. Wrote a bit of a rant about it in Apache Week this week.

A large number of people came to a party at the house last night and I woke up sweating and wondering how they broke the automated heating system - it should default to 'off' if it breaks. According to the logs some wag decided to set the temperature to 27.5C (although the heating system tried all night it never made it above 25). Need to have some sort of 'party mode' that locks certain operations and perhaps a more sensible maximum than 29C.

It's strangely hard to get the builders that visit the house to give quotes. I'm not sure how I scare them off. After another Saniflow event (some plastic got stuck but Tracy fixed the unit) we decided to get some quotes for fixing up the bathroom, running a proper waste drain, and throwing away those horrible little pumps, or at least making them only deal with one of the toilets so we don't end up unable to do washing each time they break. Unfortunately that involves running a pipe along about 20ft through three rooms and four breezeblock walls. The first quote came in at about double what I expected, so that's put the plans for buying a new espresso machine on hold (a Rancilio Silvia, lovely looking machine). Working toilet and bath or nice coffee? In the meantime it's finally time to get around to taking out a small claim against the sanipump repair folks who, after 12 months, still have yet to return a fixed unit.

Back in December I said how much difficulty I had with Scottish Power and how they should come and ask me why I was switching and try to be nice to me? Well I wonder if they read Advogato as two nice representatives came around to apologise and ask me if I'm sure I'd like to switch. Since I'll be saving £300 a year by switching and they can't match that the answer was no, but at least they now have some valuable data for their marketing department.

More work on Home Automation continues, and I've had a couple of builders in to estimate repairing the various faults in the house. I still need to find time to analyse the vibration in the southern rooms - the magnitude not only varies on temperature (which implies to me some problem with some of the road repairs which are different materials) but also seems to vary proportional to wind speed, wacky!

Back to work on Monday, but this holiday I've managed to avoid getting into doing real work by playing with the home automation system. I've now finished the conversion of all the components to Jabber bots, written a control client, and got all the one-wire Dallas switches and sensors up and running. Some screenshots are available.

I hope Google extends the shopping idea to the UK; I've wasted too many days this holiday looking for stuff for the house - just trying to find the right table for our kitchen took two days - I just want to search for a round glass 90-110cm table plus four chairs for under 400 pounds and click on 'buy me'.

Just like you have a choice over which vendor you pick for your copy of Apache, in the UK you have a choice over which electricity supplier supplies your electricity. In both cases the end product is the same no matter where you get it. I've got the ability to choose my supplier.

I wanted to switch gas and electricity suppliers after working out I could save over £300 a year with a different company. I was going to switch a long time ago, but with this being a new house it took the current electricity company over 8 months just to *find* which meter was supplying me (they didn't believe me when I told them my meter serial number and came out to check it on three separate occasions!). Anyway this company really isn't happy I'm switching and they want to make it as hard as possible to do so - by sending letters dated 13th December but that mysteriously don't arrive until the 17th telling me I have until the 18th to give them £13 or they'll stop the transfer, having customer service reps who are really happy and helpful up until the point they see you're leaving then making it difficult and painful. Customer service, even when you're leaving a company, is important.

Rather than being hostile they could ask me why I'm leaving, wish me luck, and act efficiently, so that if the new company doesn't work out I'd be happy to switch back to them. Leave me with a positive lasting impression. How about sending me a "We're sorry you're leaving" card in the post perhaps with some tick boxes "what could we do to win you back"? That's the most valuable marketing data a company could hope for.

8 Dec 2002 (updated 8 Dec 2002 at 18:40 UTC)

All I wanted was a simple way I could record my 40 or so old VHS tapes into MPEG2 video for writing to DVD. After another 4 hours trying to get the Hauppauge PVR card up and running I gave up and went to buy a new motherboard. A7V8X looked like a nice board, felt like a nice board, but also didn't work right with the PVR card. So I think it's time to return the PVR card and wait for some more mature technology to come along (and ideally something that worked with the videolan Linux stuff).

PCWorld stores may be 15-20% more expensive than buying online but there's nothing like being able to look at something and easily take it back!

Joined EFF. Should have done this years ago.

I decided that my collection of VHS tapes was slowly wearing out along with my 10 year old video player and that I'd do something about it - convert them all to DVD. I've been playing with this in the past but capturing and converting to MPEG2 just takes so long it's never been worth it. Enter the Hauppauge WinTV-PVR 250 which has a hardware MPEG2 encoder on board - basically it can capture, not use up all my CPU, and write out shows in a format I can put straight onto DVD. Sorted.

Well okay, so it has to work with Windows. I have a Windows XP machine that gets used from time to time but I really wasn't expecting to have to spend over 6 hours to get close to having the board working correctly. Along the way I found the reason why my XP machine wasn't booting every time (the Netgear FA311 card doesn't work well with Athlons), why my SB Live! only appeared sometimes (it wasn't sitting flush into the motherboard - ouch), the source of some strange glitches (the iPanel doesn't work well with Windows XP) and a number of updates for the VIA chipset, ASUS graphics card, AMD bridge, ASUS supplied BIOS, etc etc etc.

So now I have a machine that can almost record videos - it just has an annoying glitch in the audio every minute or two, which the Hauppauge site puts down to the VIA chipset although I followed all the advice, and no reply from tech support yet (only 1 day waiting so far).

My Christmas tree is now X10 controlled, which means the lights go on and off when it's dark but also you can stand outside of the room and use a remote control to dim the lights. I'm not sure what use this is apart from managing to confuse all our guests who think it's spooky that the lights flash each time they say a particular word.
