Here’s the classical Ubuntu logo in 3D (interestingly provided by the alias ilovewindows 8) – click on the link for more of his artwork).
Posted in linux, ubuntu, wallpaper
Some political standards processes can be curiously slow. ODF 1.0, going through a fast-track procedure (rubberstamp, if you will), spent about a year in ISO, from submission to publication – and that with a strong consensus backing it, as well as (as far as I can tell) a truly open and thorough process preceding it in OASIS; public mailing lists and all. This is about as good as it gets in that context, but don’t let me spend too much time on that glorification.
Enter the submission of OOXML (ECMA-376) shortly after the publication of ODF (see the timeline provided by Rob Weir at IBM), and it’s closer to a two year period, beginning with formal protests (contradictions) that were set aside, followed by a vote to disapprove, followed by a contested fiasco of a BRM.
Out of more than 1,000 known errors of varying complexity presented there, only about 200 were resolved in any way (this took a week, even after legally questionable procedures were applied). Following this, there was a sort-of-vote [1] for approval, followed by appeals, and recently a week-long silence from ISO on whether the appeals will be considered or not.
The bumps should not be surprising considering the relative (lack of) justification for, and quality of, the proposed standard, the closed process in Ecma and the hijacking of ISO to approve that outcome. So, one keeps wondering how a fast-track process is deemed to be appropriate for a 6,000 page proposal, developed behind closed doors and in practice being pushed by a single entity.
Looking at it from another direction, does it make any sense to call it “fast-track” after all this time? One of the most interesting aspects here is that the brakes, where there are any, seem to be rather poor – so far they have only managed to slow things down, but not to stop them. I would suggest a maintenance check, or somebody is going to get hurt.
At this moment, it seems quite likely that ISO has already rejected the appeals. The odd thing is that it seems they should have been available to the ISO TMB on Aug 4, and we have yet to see any official response. Is ISO lagging behind, working on PR measures? Maybe they are still using typewriters over there?
ISO, in case you are reading this: don’t sit up all night pondering how to best articulate all nuances of “these appeals have no ground, and we are not aware of any procedural problems…”; try something more concise, such as: “black is white, so we can’t see anything”. To the point, don’t you think?
Well, they would surely need some breathing room in any case; regardless of the decision, it is sure to raise many uncomfortable questions for ISO.
So, what will happen to OOXML? Will ISO publish it as a standard? If not, when will it end?
More importantly, what will happen to ISO? Without serious reform and actual transparency, can it be taken seriously by the community in this light?
Update 15 August: ISO took only 11 days to publish their decision to reject the appeals and proceed towards publication of OOXML. Congratulations on the speedy response! Let’s see where this goes…
Footnotes:
[1] Earlier votes would count unless new ones were submitted. This certainly had effects on how the game was played.
Posted in ecma, iso, odf, ooxml
It seems I am a little back(b)logged here. (Sorry.)
Anyway, here are some of many interesting recent events:
- I went to Japan! I was there for 10 days with fellow Computer Science students; mostly in Tokyo, but my trip also included a short stop in Kyoto. If I should include any random thoughts about the journey, I would mention the Firefox ad in the metro, featuring a fox in a boxing ring. Very curious… :)
- When talking about Japan, I simply have to include a ninja reference, no? Well, here you go: watch Ask a Ninja, net neutrality.
- The DNS bug. It can have many interesting security implications, as this Flash movie suggests. (Thanks to Xavier for pointing to this site.)
- The patent establishment makes fools of themselves again: our beloved European Patent Office says that software is an “ambiguous” term. (I do not know about original references yet, sorry, maybe this is only available in printed form so far. Link.) Apparently some software is more equal than other software, and deserves Patents to cover it. Here is a Digital Majority post about this.
Enjoy!
Posted in dns, japan, net neutrality, patents
Update 2 Aug 2010 09:26: replaced two Wikipedia links.
… and how to avoid a pitfall on some Dell PowerConnect equipment. On that note, I haven’t yet managed to get this working in VMware (Server 1.0.5, and Workstation 6.5 Beta, I believe) on Linux, using some host-only interfaces. It seems the switching mechanism gets things mixed up a bit.
So: in order to add redundancy to (say) firewalls, one could use such a protocol as VRRP. Unfortunately, Cisco has claimed patents on it, leading the OpenBSD developers to implement a similar system, called CARP.
The basics are relatively simple: instead of having a primary and a secondary firewall use their own MAC addresses for routing, we create virtual interfaces on each firewall, with corresponding MAC addresses that are shared by both firewalls.
In the simple setup, only one firewall would be active at any time, meaning that you could bring down a firewall, upgrade it, and bring it back up, all without anyone noticing. Done right, the traffic is transparently routed through either of the two firewalls, and downtime is measured in seconds at the most.
Imagine a small example, where we want to replace one firewall with two network cards, with a redundant set of two similar ones; let’s say we have an external network (the Internet), and our internal network. We reserve some IP addresses for the new redundant set:
External addresses: (physical card: em0)
100.0.0.1 = Routing (CARP)
100.0.0.2 = Firewall 1 (master)
100.0.0.3 = Firewall 2 (backup)
Internal addresses: (physical card: em1)
200.0.0.1 = Routing (CARP)
200.0.0.2 = Firewall 1 (master)
200.0.0.3 = Firewall 2 (backup)
(In practice you may not need individual addresses on all interfaces with CARP, but let’s work with this for now.)
Addresses for pfsync: (assuming a crossover cable here, so basically any unique addresses can be used)
10.0.1.2 = Firewall 1
10.0.1.3 = Firewall 2
Note: pfsync does not keep track of the rules in pf.conf, only the actual user sessions registered on the firewalls.
We’ll need to edit numerous files in /etc on each firewall:
pf.conf – add:
pass quick on { em2 } proto pfsync keep state (no-sync)
pass on { em0 em1 } proto carp keep state
sysctl.conf – uncomment:
net.inet.carp.preempt=1
This ensures that if even one interface on a firewall fails, the second firewall (if intact) will take over.
hostname.em0 – add:
inet 100.0.0.2 255.255.255.0
to the first firewall, and:
inet 100.0.0.3 255.255.255.0
to the second; similarly for hostname.em1 use 200.0.0.2 and 200.0.0.3.
hostname.em2 – add:
inet 10.0.1.2 255.255.255.0
to the first firewall, and:
inet 10.0.1.3 255.255.255.0
to the second.
hostname.carp0 – add:
inet 100.0.0.1 255.255.255.0 vhid 1
to the first firewall, and:
inet 100.0.0.1 255.255.255.0 vhid 1 advskew 100
to the second; similarly for hostname.carp1 on both machines, but with 200.0.0.1 and vhid 2 instead. It is interesting to note that we don’t have to say that carp0 corresponds to em0, and carp1 to em1; OpenBSD can figure this out from the IP addresses and netmasks.
hostname.pfsync0 – add:
up syncif em2
on both machines. We can also get this running live without rebooting. Let’s kick in the backup node first: (it is assumed here that pf is already enabled and has rules loaded into memory, and also packet forwarding is in use on both firewalls)
firewall-2 # sysctl -w net.inet.carp.preempt=1
firewall-2 # sh /etc/netstart
firewall-2 # ifconfig carp
You should see that all CARP interfaces display MASTER, since firewall-1 isn’t up yet.
firewall-1 # sysctl -w net.inet.carp.preempt=1
firewall-1 # sh /etc/netstart
firewall-1 # ifconfig carp
Again, you should see that all CARP interfaces display MASTER (and, obviously, BACKUP on firewall-2), since its advskew is lower (0) than on the backup node (100). Note: setting the advskew to higher values than 240 will probably not work. You’ll see what I mean. :)
Fun thing to try on another machine, when failing over from one firewall to another:
watch traceroute 100.0.0.1
There are some other things I could go into, but let me just make a note on Dell equipment:
As I mentioned, fail-over from one firewall to another is supposed to take seconds at the most (depending on advbase (default: 1) and advskew), even if you disconnect cables randomly from one firewall, cut the power to the machine, or attack it with a raygun. As soon as one firewall stops talking to the other on one of the interfaces, the second one will prepare to act in its stead.
Why, then, doesn’t it work on some Dell PowerConnect equipment, for instance? Well, it seems the RSTP mechanism gets confused by the shared MAC address, resulting in having (say) two master nodes, and the situation may take as much as 30 seconds to stabilize, if not more (or if at all).
The answer is that you should be able to turn RSTP off for the switch ports where the firewalls are connected. Considering a case where both firewalls are connected to the same switch (using a different VLAN for each interface, for instance), it should be safe to do so.
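As an added example (not part of the original post), the script below lints the two hostname.carp0 lines shown earlier and estimates the backup's take-over delay. The function names are made up for this sketch, and the timer formula (3 × advbase + advskew/256 seconds of silence before a backup takes over) is assumed from the BSD CARP timers.

```sh
#!/bin/sh
# Added example, not from the original post: lint a pair of hostname.carpN
# lines and estimate how long the backup waits before taking over.

# Print the word that follows keyword $2 in line $1, or the default $3.
carp_field() {
    set -f                       # no globbing while the line is word-split
    prev=""; val="$3"
    for w in $1; do
        [ "$prev" = "$2" ] && val="$w"
        prev="$w"
    done
    set +f
    printf '%s\n' "$val"
}

# Milliseconds of missing advertisements before a backup takes over.
# Assumed timer: 3 * advbase + advskew/256 seconds ($1 = advbase, $2 = advskew).
carp_md_timeout_ms() {
    echo $(( 3 * $1 * 1000 + $2 * 1000 / 256 ))
}

# Compare firewall 1's line ($1) with firewall 2's line ($2).
# Prints one message per problem; returns 0 only if the pair is consistent.
carp_check() {
    rc=0
    ip1=$(carp_field "$1" inet none); ip2=$(carp_field "$2" inet none)
    v1=$(carp_field "$1" vhid none);  v2=$(carp_field "$2" vhid none)
    s1=$(carp_field "$1" advskew 0);  s2=$(carp_field "$2" advskew 0)
    [ "$ip1" = "$ip2" ] || { echo "virtual IP differs: $ip1 vs $ip2"; rc=1; }
    [ "$v1" != none ] && [ "$v1" = "$v2" ] || { echo "vhid mismatch: $v1 vs $v2"; rc=1; }
    [ "$s1" -ne "$s2" ] || { echo "equal advskew $s1: no preferred master"; rc=1; }
    for s in "$s1" "$s2"; do
        [ "$s" -le 240 ] || { echo "advskew $s > 240 (see the note in the post)"; rc=1; }
    done
    return $rc
}

# The post's hostname.carp0 lines for firewall 1 and firewall 2.
FW1='inet 100.0.0.1 255.255.255.0 vhid 1'
FW2='inet 100.0.0.1 255.255.255.0 vhid 1 advskew 100'
carp_check "$FW1" "$FW2" && echo "carp0 pair OK"
echo "firewall-2 takes over after ~$(carp_md_timeout_ms 1 100) ms of silence"
```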
Happy fail-overs!
Posted in bsd, redundancy, unix
Is Microsoft admitting to using Fear, Uncertainty and Doubt? Either their Live.com engine is a bit weird, or there’s some curious honesty here. Judge for yourself… :)
(Source: http://www.microsoft.com/en/us/default.aspx – search for “fud”. Tip from comm2k.)
Posted in fud, microsoft
Some files were walking about in peace, when suddenly they started screaming:
– Watch out, watch out! /bin/dd is coming!
One of the files then said:
– I’m not afraid, I’m /dev/null !
The file stood alone as /bin/dd came closer. Finally, the program stood inode to inode with its enemy:
– You’re doomed!
– Don’t you know who I am? You can’t touch me!
There was a long silence, and then /bin/dd said with a dark voice:
– dd if=/dev/zero of=/dev/sda
(This is based on the ex theme from circles of mathematics – don’t say I didn’t warn you. (Apparently this is before the era of udev. On an additional note, no binaries were harmed in this exercise as they were located on a different drive.))
Posted in mathematics, unix
American Civil Liberties Union has filed a brief about free speech issues of an application for an abstract patent. FFII says hi; it’s great to see a major civil rights organization bring this up in the patents sphere. With enough exposure, hopefully the insanity of business and software patents may come to an end some day…
Posted in aclu, censorship, ffii, patents, politics
ISO has now rendered a decision, and the fight over OOXML could be over soon. Specifically, while there have been no reported irregularities, countries have available another two months to raise concerns. Apparently e.g. Norway has already done so, but I’m sure that misunderstanding will be cleared up shortly.
In any case, there are so many good things about OOXML that I don’t know where to start. (I need to double-check the exact meaning of “open” and “XML”, but at least the “Office” part seems clear to me, which suggests a high quality work here.) Indeed, one of my favourite aspects of this standard is its simplicity. For instance, one can safely focus on its two major use cases, namely when:
- you own Microsoft, or
- Microsoft owns you.
Actually, this is a rather strong statement, since it has yet to be proven that anyone is currently using or implementing any version of OOXML – especially Microsoft themselves, who apparently are a bit slow on that. No worries though – it’s a standard now, so surely it’s not that important.
I wish ISO and Microsoft best of luck with all the upcoming, exciting standards projects. Clearly, we can expect even better processes that provide for a modernized approach with honest and high fidelity works. We can all thank ourselves for being part of this proud and happy family. :)
Posted in iso, microsoft, ooxml
(About the move of my blog: it was in part due to buggy Blogspot code, but now I also have a more flexible solution. Overkill at this point, maybe, but that’s me. :) )
I’ll go to FOSDEM this weekend (where the former President of the FFII will be speaking), and hopefully see Richard Stallman come here next Tuesday.
Next week is the BRM for OOXML, and I wouldn’t want to be in Alex Brown’s shoes. Maybe the meeting itself won’t be so dramatic – no press allowed there, for one thing – but it’ll be interesting to see just how much bullying ISO national bodies are going to take from Microsoft, I mean ECMA. Basically, the strategy has changed from “OOXML is a perfect standard, and there isn’t even as much as a spelling error” to “look, since we’re good guys, we’ll include your idea too – now there are at least two ways to do everything”. To use a car analogy (sorry):
You: This car is not working, the engine is broken.
ECMA: How do you know? Let’s give it some time.
You: It is broken, alright.
ECMA: OK, look. We added a new one.
You: Doesn’t work.
ECMA: Yes it does. Start both engines.
You: I told you, the old one is broken. Why didn’t you just fix it?
ECMA: Come on, one of them is new, isn’t it great!
All that is missing is a press release from SCO that endorses OOXML. (Oh, is it flying pig season again? The fine company that made up random lawsuits about Linux, then went through bankruptcy proceedings, is now getting $100 million in support. Maybe I have been focused on the wrong career?)
Posted in brm, fosdem, linux, ooxml, sco, stallman
