The crux of the story is that the major U.S. airlines are shifting their schedules a little so that there will be fewer overall seats available throughout the U.S., despite stronger demand than last year. Such changes are not being made in their International schedules.

Part of the numbers come from switches to smaller aircraft, some are from schedule changes that will have a smaller total number of flights on some routes and other routes may be eliminated.

I also found it interesting that Delta Airlines, which I fly more often than all others combined, is the only major airline that is leaving their capacity and schedules virtually unchanged, with only a 0.6% overall U.S. routes capacity decrease planned for January 2008.

The biggest problem that could occur, whether you are flying with an airline that is making large changes or small, is that hiccups could take a day or two, rather than hours, to resolve. Such issues could bleed into other airlines, as cross-pollination can and does quickly fill the few available seats still open on all the other airlines. Given all of the problems that Northwest Airlines has been experiencing this year, I would hope that they don’t cut back too far. Granted, things are better at Northwest than they were in June of 2007, but the end of November continued to show larger numbers of cancellations than should normally be expected.

Obligatory quote:

At the strategic level, coalitions involving tens of thousands of players struggle for months over strategic objectives or simply to wipe out their enemies. For at least a year the most powerful group in Eve has been an alliance known as Band of Brothers, a self-appointed evil empire with the stated objective of taking over the galaxy. Against them is arrayed a motley batch of self-styled freedom fighters with names like the Red Alliance (mostly Russian), Tau Ceti Federation (mostly French), GoonSwarm (mostly obnoxious) and the Interstellar Alcohol Conglomerate (mostly drunk).

First, when I was updating my wife’s blog, I got all in a hurry and forgot to make a backup of the database first. Then, when I connected to the wp-admin/upgrade.php script and clicked on the Upgrade WordPress button, all hell broke lose. I had DB errors left and sideways (thankfully, not quite right, though). At that moment, I realized that, “I could really use that DB backup right about now.” Well, I didn’t have it, so I tried the export function from the admin interface and that worked. At least I had her posts (there was a brand new one, too, which wasn’t in the most recent backup file that I did have).
(more…)

I’ve run into trouble here and there as the Livna folks keep pulling RPMs from their repos for older versions of the kernels. At the very least, they should leave the kmod-* packages in there for the original kernels that shipped with each release. Then, people can install a release and get a good driver. I had to wait for about 3 weeks after I first put F7 on my home workstation (dual AMD Opteron) before I could get the nVidia driver from Livna because they didn’t have one for the older kernel packages and the newer kernels weren’t booting (turned out to be malformed initrd files, which I later fixed).

Yes, I understand that they take up some disk space, but it’s not really that much perhaps 100M per release to keep all kmod-* packages and their dependencies around.

Livna, if you’re listening, please, give us all the driver packages and don’t remove them. You don’t know which kernels are working for people and which aren’t, so you could really be making things pretty difficult for people.

I have a Logitech bluetooth mouse that travels with me. I use it with my notebook computer, as I’m very, very not fond of trackpads. My favorite is the “TrackPoint” or “Eraser-head” mouse built into the keyboard, but this notebook didn’t come with one. Supposedly, I can buy a replacement keyboard from HP that includes the eraser-head pointer, but I have not yet done so.

When I wrote about installing Fedora 7 on this notebook (and now installing Fedora 8), one thing which I never documented was how I got the bluetooth mouse working with Linux (under F7). Now that I installed F8 from scratch, I need to set it up again.

When I installed F7, I spent hours dog-paddling through Google searches and horrible documentation and still hadn’t figured it out. Then, my friend and co-worker, Clint Savage (a.k.a. Herlo) popped into the office. It was him! He’s the one who has the exact same mouse as I do; I knew I’d seen it somewhere before I had bought mine. So, I asked him. He smiled and laughed, saying, “Not finding much useful documentation out there, eh?” He’d been through the same thing as me. He was impressed with how far I’d gotten through that process and estimated that I was probably 1-3 hours away from finding it myself, if I continued to follow the pattern he had. Well, he shared the information with me.

The good news was that it was pretty easy to get my bluetooth mouse talking with my bluetooth equipped notebook, just not really documented anywhere that one could point to just one thing (boy, I wish I’d documented those commands in a blog post; I’ll see if I can do just that next week, when I’m back at the office). The bad news was that one of them had to be run every time he started his computer. So, I put that command into a /root/bin/connect-to-my-bluetooth-mouse (or something like that) script. Then, a week later, I forgot to run that when I booted up and logged in, once, but was using the mouse anyway. I had discovered that it wasn’t necessary to run that all the time.

One of the reasons that it had been so difficult to setup bluetooth on Fedora 7 was that I was using GNOME on that installation. I stuck with entirely GNOME apps (except for Kdevelop) the entire time I had F7 on this notebook. Now that I have F8, I’ve gone back to KDE, which makes life so much better for me. GNOME still doesn’t have much bluetooth support and what is there is still very early half-baked and non-usable, for the most part. KDE’s bluetooth tools, on the other hand, seem much more comprehensive and “just work” for me.

It doesn’t stop with just anaconda installation and yum update commands, either. Almost every yum install command that I run decides to install both 64-bit and 32-bit packages. That is, unless I explicitly specify that I only want the 64-bit for each and every package. For example:

# yum install foo.x86_64 bar.x86_64

Why is yum doing this? It didn’t used to. I started experiencing this a little bit on FC6, but F7 and F8 both have horrific troubles with it. I need to do some more digging through Red Hat’s Bugzilla bug/issue tracking system, however, my first pass didn’t find anything to help explain the changes. After a little more research, I’ll file this as a bug.

In the meantime, here’s a quick-n-dirty hack I put together to run updates. The first step is to capture the output of yum update to a file (be patient, this command can take for-freakin-ever to run). Step two is to run the update itself. Here it is as a shell script:

#/bin/bash
# Get a temporary file to use.
TO_UPDATE="$(mktemp)"

# Populate the temporary file with the list of available updates.
yes n | yum update > ${TO_UPDATE}

# Composite an update command that does not include any 32-bit stuff.
yum update $(for i in $(sed '/i[3456]86/d' ${TO_UPDATE} |
         sed '/^Updating/d' |
         sed '/^Installing/d' |
         grep -v "^$" |
         grep -v replacing |
         cut -d" " -f2); do
      rpm -q --qf "%{name}.%{arch}\n" $i; done |
   grep -v "is not installed$")

# Optional cleanup.
if [ "${1}" = "-k" ]; then
   mv ${TO_UPDATE} /root/$(date --iso-8601)-$(basename ${TO_UPDATE})
else
   rm ${TO_UPDATE}
fi

You will have to run a separate yum update command for any 32-bit stuff you really do have installed and want to update.

I know this could be streamlined (especially the part that constructs the yum update command), but as I’m not planing on making this a permanent fix, I’m just not going to bother with it right now. Still, feel free to comment or trackback with other solutions or optimizations of mine.

My HP Compaq 6715b notebook comes with ATI Radeon X1270 video 128MB RAM dedicated plus 192MB RAM shared) and a 1680×1050 resolution 15.4 inch LCD (at 61Hz, it would seem). I’ve installed the proprietary ATI driver in order to get it working, as Fedora’s tools get really confused about widescreen setups, it would seem.

Here are the relevent package versions:

# rpm -qa | egrep ‘(fglrx|kernel)’
kmod-fglrx-8.42.3-8.lvn8
kmod-fglrx-2.6.23.1-49.fc8-8.42.3-8.lvn8
xorg-x11-drv-fglrx-8.42.3-7.lvn8.1
kernel-devel-2.6.23.1-49.fc8
kernel-devel-2.6.23.1-42.fc8
kernel-2.6.23.1-42.fc8
kernel-2.6.23.1-49.fc8
kernel-headers-2.6.23.1-49.fc8
xorg-x11-drv-fglrx-libs-32bit-8.42.3-7.lvn8.1

(As you can see, I haven’t removed the original kernel, yet. Maybe I’ll go do that now.)

However, I seem to be getting some fairly odd artifacts on-screen with this driver under F8, including some odd extra sprite garbage with the mouse cursor. I had experienced some oddities under F7, but they were confined to GNOME applications (no others exhibited any issues). It doesn’t matter if I enable or disable “Desktop Effects” either (they won’t successfully enable, anyway). A RAM test (memtest86+) shows that there’s nothing wrong with the system memory, but that doesn’t test the video card. There are ATI tools for testing the video card more fully, but I haven’t had time to try them out, yet.

Since FC6, Fedora systems rely on the X server detecting proper monitor and other configuration parameters every time it starts. This has been far less than reliable on a wide variety of machines that I’ve been running into over the past year. I’d like to get some more information about other people’s experiences with this, before I file a “bug” report about this. It’s really becoming an embarrassing problem as things worked much better when we would get a finished configuration file by default in FC5 and earlier.

First, I tried to do an “Upgrade Install”, which didn’t surprise me by not working. Upgrading from 32-bit F7 to 64-bit F8 isn’t something that anaconda knows how to do, and I didn’t expect it would. Still, I tried it and know we know for sure. So, I did a fresh installation. I removed the root Logical Volume (I’ve been using LVM for my notebooks and workstations since long before Fedora started to default to it) and created new LVs for / and /usr/ LVs. Previously, under F7, /usr/ was on the root LV.

The install phase itself went just fine. 1478 packages were installed, including 389 32-bit (i.e. i386, i486, i586 and/or i686 RPMs). I ran a simple command to find and then remove all of them:

# rpm -qa –qf “%{name}-%{version}-%{release}.%{arch}\n” | grep “\.i[3456]86$” | xargs rpm -e

If I need any 32-bit stuff later, I’ll just reinstall as few such packages as are required.

My next issue was the same video problem as I had when I installed Fedora 7. The graphical installer couldn’t run and the resulting system had no working X server configuration. This was very easy to fix:

# wget http://rpm.livna.org/livna-release-8.rpm
# rpm -qp –qf “%{name}-%{version}-%{release}.%{arch}\n” livna-release-8.rpm
livna-release-8-1.noarch
# mv livna-release-8.rpm livna-release-8-1.noarch.rpm
# rpm -Uvh livna-release-8-1.noarch.rpm

(NOTE: I renamed the package file back to what it should have been in the first place. Though rare, if they update it, I’d like to notice the difference and be sure I’m using the latest one on some other machine in the future.)

After setting up the Livna repository for Fedora 8, I was able to install and activate the ATI driver:

# yum install kmod-fglrx x11-xorg-drv-fglrx
. . . output omitted . . .
# fglrx-config-display enable

Notice that the command name changed from Fedora 7 to Fedora 8; it used to be ati-fglrx-config-display.

The next thing I need to fix is to re-associate my Logitech Bluetooth mouse with the notebook. I had a script in /root/bin/ that would have taken care of that very easily. Unfortunately, I forgot about that until after I had installed Fedora 8, thus obliterating that file. Oh, well. This time, I’ll also document it elsewhere (perhaps here?) once I get it figured out again. I hope that will be tonight.

One last thing; with Fedora 7, I did my very best to stick with an all GNOME system. It was very irritating using applications that just couldn’t handle lots of basic things that I take for granted using other apps (mostly KDE). For Fedora 8, I’m going back to KDE, where things work much better.

Though I haven’t had a chance to try it out, yet, this is exciting news. It’s wonderful to see a game like this take the step to providing Linux, and Mac clients. Given that Microsoft (MSFT) Windows Vista is such a horrible platform and provides terrible performance for games, it would be a very good for many game makers to put more effort into both Mac and Linux support. In case you hadn’t heard, Apple (AAPL) sold 2 million iMac systems in 2007Q3 alone. There is talk that they could top that number in Q4 with ease.

Blizzard, are you listening? How about providing a LInux version of World of WarCraft and StafCraft II (whenever it lands)? That would be awesome.

Take a look at http://www.overcomingbias.com/2007/09/926-is-petrov-d.html. This was probably one of the most important moments and one of the best decisions anyone ever made in the entirety of the 20th century.

Petrov decided to not destroy the world just because a bunch of flashing lights told him that five (that’s right only five) US missiles might be heading towards the USSR.

I’m posting the script, which is still very rough, as I didn’t both taking any time when I whipped it up last night to take care of everything that it really should be doing. Still, I’ll work on it here and there, I’m sure. You can download it from http://www.openbrainstem.net/download/sign-lots-o-keys. If you feel like makeing some fixes, either post your patches (please, create them as a unified diff file, if you wouldn’t mind) and put a link in the comments here and/or on your own blog.

Enjoy!

I’ve been needing to get a new notebook for the past two years, but I kept putting it off because of time, money and that one more feature that’s coming out in a couple of months. With the arrival of so many new notebooks in the office, I decided to look again and dream about a new one of my own, so I made the rounds looking at systems of interest, including a couple of HP notebooks, the ThinkPad and Apple’s MacBook Pro.

When I hit HP’s Small & Medium Business website, I noticed the one category of notebooks which I had always left unexplored (as they didn’t fit some of the criteria I look for) listed that there were models which had up to 16 hours of battery life. I was curious to see what they had in this “Balanced Mobility” category, so I took a look. Boy, am I glad I did.

I found the HP Compaq 6715b. They had (at this writing, I think it’s still on) a pre-packaged deal going for US$1,129 (Ed: The price is lower, now) with:

• AMD Turion64 X2 (dual core) at 2.0GHz
• 1GB RAM
• 160GB SATA hard drive
• ATI Radeon Mobility X1270 video chip (with 128MB dedicated RAM and using 192MB shared RAM)
• 15.4 inch WSXGA+ (1680×1050) LCD
• Broadcom Gigabit Ethernet NIC
• Broadcom 4321 802.11 a/b/g/draft-n wireless NIC & integrated bluetooth
• Fingerprint reader
• 4 USB 2.0, 1 IEEE1394 (firewire), 6-in-1 card reader (actually, all SD type form factors), 1 Type I/II PC-card slot

That’s a lot of notebook for the money. So I put in an order. HP estimated that it would ship on the 30th of August, but it arrived on Thursday morning (2007/08/23).

In fact, I believe it’s around half the price of what any of the other guys have paid for their ThinkPad notebooks and it’s almost the same. They got a wireless USB 2.0 capability which I don’t have, but they only have 3 USB 2.0 ports (I have 4). Most (if not all) of their screens are 15.4 inch WUXGA (1920×1200) with nVidia graphics (256MB), an Intel Core 2 Duo (2.0GHz or 2.2GHz, I’m not sure which in all cases) and they have a nice “eraser-head” mouse which I don’t have, but really love. I hate trackpads, so I just picked up a Logitech bluetooth mouse, Saturday.

Overall, I think I got a better deal. My processor is as good or even a little faster than the ThinkPads’, and otherwise there’s very little difference in the equipment between the two, but they paid quite a bit more than I did for the HP. Thanks to that savings, I also picked up a 12-cell “Ultra Capacity” battery for my new notebook, which attaches to the underside at the back, causing the system to sit at a slight incline. The Ultra Capacity battery mounts in addition to the standard battery that came with the notebook and gives this machine up to 16 hours of battery life, with only a small increase in weight but a little more comfort and room for airflow underneath. We’ll have to wait and see just how much life I really get out of this setup, but I shan’t fear attempting to watch 3-4 movies on an international flight.

I’ve installed Fedora 7 on it. When I booted up the box to do the install, anaconda couldn’t get X to run, so it offered me the choice of using the text-mode installer or of starting VNC for me. I went with a VNC install. The resulting system had a couple of things to fix up. I checked on http://linux-laptops.net/ but this model isn’t listed, yet.

I believe there must have been a bug (I didn’t bother to go looking in Red Hat’s Bugzilla for it) in the version of YUM that shipped with F7 (32-bit) as yum update kept corrupting the RPM db and then deleting the errata RPM files as it thought it had installed packages but actually hadn’t. I simply edited /etc/yum.conf and set keepcache=1 before re-running yum again. That way, the packages stuck around and then I installed as many as I could using rpm instead (including an updated YUM package), which required me to fix the RPM DB, first. This was easy to do by simply running rm /var/lib/rpm/__*; rpm --rebuilddb and waiting for just 1 minute for it to finish. After installing the updated YUM package, all yum commands have worked perfectly for me.

To “fix” the X server configuration, I simply added the livna YUM repo to my new system and ran yum install kmod-fglrx followed by ati-fglrx-display enable as root (that’s not the command mentioned in the Unofficial Fedora FAQ for FC6, but the F7 version of the UFAQ wasn’t up yet) and the X server worked perfectly, even running the screen at it’s full, native resolution by default. I’ll have to see about running Cedega for a couple of games.

Next, I tried to get the fingerprint reader working, but so far, I’ve had no luck. Honestly, I haven’t really tried all that hard, yet. Some quick Google searches have only found references to people who haven’t gotten other HP notebooks’ fingerprint readers to work, but I also found some “hints” that others have. The output of the lsusb command showed Bus 003 Device 003: ID 08ff:2580 AuthenTec, Inc., which is the fingerprint reader.

I haven’t gotten the Broadcom 4321 802.11a/b/g/draft-n working yet. Linux does come with a driver that supposedly covers the chip in this Mini-PCI card, but I do not have the firmware for the driver to load. The tools for these cards come with a program called fw-cutter, but I haven’t found a file for this card that it will work on, yet. I suspect that I will have to wait for an update to fw-cutter to be able to get this working under the Linuxdriver . Perhaps I can find time to try to help patch it. In the meantime, my good old Cisco airo 350 card works fine, but I could also use NDIS Wrapper to run it with a Windows driver.

I’ve only been using this notebook for less than a day (and only a small part of the day, at that). Even so, I’m very happy with it already.

I’m thinking of installing Ubuntu (or Kubuntu, probably) on here alongside of Fedora. I’ve been wanting to learn more about that distro and now I have a hard drive that’s more than large enough for me to play with such things.

I also added vga=0x31a to the kernel line in the /boot/grub/menu.lst file (yeah, yeah, I know how Red Hat/Fedora only folks are going to say the file is “supposed” to be /boot/grub/grub.conf, but it really isn’t so; so, please, don’t add comments telling me about that). That sets up a framebuffer mode for text that’s 1280×1024. I don’t know if the kernel can support a 1680×1050 mode or not (so far, I’m not finding anything that would make thik it does). If so, I’d sure like to find out the right code for it. If not, I’d like to figure out how to add wide-screen friendly modes to the kernel framebuffer driver(s), as more and more systems are going that way.

I’m going to post this system on the http://linux-laptops.net/ website. If anyone else figures out how to get the fingerprint reader working under Linux on this or any other notebook that uses the same fingerprint reader chip/device, please, either TrackBack to this post or leave me a comment.

The new law amends the “Foreign Intelligence Surveillance Act of 1978 to provide additional procedures for authorizing certain acquisitions of foreign intelligence information and for other purposes.” It was sponsored by Sen. Mitch McConnell [R-KY] and Sen. Christopher Bond [R-MO].

I haven’t had time, yet, to fully read the resulting text of the bill (there are always amendments to bills as they pass through Congress), so I will reserve any specific commentary for a latter time. However, it appears that this new law could seriously affect privacy under certain circumstances in the United States.

It seems that several TSA inspectors at several different airports were mistaking the laptop battery for a possible gun in Ben’s notebook bag as it went through X-Ray scanners.

The recent MSNBC story, “Computer security problems found at IRS,” discusses security problems found at the IRS. One of the more interesting items:

Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service.

But even more disturbing:

Only eight of the 102 employees contacted either the inspector general’s office or IRS security offices to validate the legitimacy of the caller.

Matt Bishop’s comments on the nearly total lack of cooperation from the California Secretary of State’s office gave to the review process are utterly amazing. It’s good to see that Debra Bowen (California’s Secretary of State), has now taken the step of decertifying, dis-approving all previously approved eVoting systems.

Avi Rubin has some excellent comments on the whole eVoting situation.

The State of Florida is getting into the act, reporting on their own security reviews of commercial eVoting systems (PDF). In this letter to Diebold (PDF) which the State of Florida has published, they give Diebold an ultimatum:

Based on the report, the Bureau of Voting systems Certification has determined that certain vulnerabilities outlined must be corrected by August 17, 2007, to continue this certification. Failure to do so will result in a denial of certification.

There’s 3 pages of required fixes attached to that letter.

The U.K. Electoral Commission recently released their report detailing serious security flaws in eVoting systems.

Electronic voting is a hard problem, but that doesn’t excuse Diebold Election systems, Inc., Hart InterCivic, Sequoia Voting Systems and Elections Systems and Software, Inc. from their demonstrated complete lack of fundamental understanding of how to secure … well, anything and in particular, they’ve all shown that they have no one with even the first clue of how to either implement nor apply cryptography correctly.

Applause go to both Florida and the U.K. for recognizing bad vendor crap in the first place. An extra-hearty ‘atta-girl’ goes out to Debra Bowen in California for throwing out approvals and certifications of these seriously flawed systems.

This topic is far too important to leave in the hads of the proprietary, closed-systems mindset crowd. It must be open. The code must be open and available to everyone. All systems must be thoroughly tested by reputable, recognized, outside authorities. I hope we’ll see an open source/free software implementation of an eVoting system that could be used for governmental elections. Such a system wouldn’t be limited to only government use, either, but I believe it would find place in many corporations and other institutions.

Let’s see how this goes. If you would like to comment, you can’t post it on my site. Use your own blog and use a TrackBack to this article. Let me know what you think.

Personally, I’ve always preferred the idea of TrackBacks over comments. I just wasn’t quite sure how to explain (nor did I ever take the time to really think about) why I felt that way. So, thank you to Dave Winer for helping me quantify it.

Although I have configured this blog to not have the “Allow comments” option selected by default, existing posts which did have that option on should still permit comments. I will fix this by editing the DB directly. Hopefully, existing comments will still be visible once I do so.

It’s not very good
And, most certainly, is not
Quality Haiku

It was a piece of testing text that I placed in a text editor for an admin piece of a webapp I’m helping a friend meet a deadline for.

But a new problem has surfaced with 2.2.1 in the admin interface; when loading the Dashboard or the Write or other pages which include wp-includes/js/jquery/interface.js, it freezes up my web browsers. I’ve tried it with Firefox, Opera, Konqueror & Safari, some on both Linux and Windows. The browser eventually lets me kill it (but I have to stop it 2 or 3 times) and then the page will finally load. In browsers where I have debuggers for JavaScript, I find this error:

Error: https://www.openbrainstem.net/blog/peregrine/wp-includes/js/jquery/interface.js?ver=1.2: Error: Error

It’s pretty frustrating trying to use my blog when the admin interface has some buggy JavaScript. I’m going to try to debug it, though JavaScript isn’t my favorite language. I’ll keep you posted if I find a fix.

As with Harry Potter and the Half Blood Prince (year 6), we are reading it together. We’ve only gotten into chapter 7 so far, as I had to leave on another business trip (to Ohio) 10 hours after we got home and she left on another Women’s Trip (like most years her side of the family does). So, we’re on pause right now and both itching to continue the book.

On a side note, I did get the chance to see the 5th Harry Potter movie this week one evening in Ohio. I’ll probably write a short little review of that experience, soon.

If you have an OpenID account, you can now use it to comment and to register on this blog, without having to register on this blog. I haven’t required logins to commont on this blog since June of 2006, but still required commentors to fill in their name and email and optionally allowed them to include a URL for their own site. Now, these kinds of things can be done via your OpenID.

I didn’t activate the second WordPress plugin yet, as I haven’t registered an OpenID of my own, nor have I set up an OpenID server.

I’m thinking about standing up an OpenID server on OpenBrainstem. I’m not really sure about this yet, so I’m asking you, my readers, to weigh in on the idea. Post your views as comments to this post. Tell me why I should or shouldn’t run my own OpenID server.

I have previously written about terrorism and the true goals & motivations of terrorists (see my article, “What the Terrorists Want“). This latest article on the subject from Bruce takes the discussion a very important and valuable step further. I recommend you read that article.

In my past writings on the subject of terrorism, I’ve always stressed how terrorist attacks are not about the target of the particular attack, but are instead about inducing terror, typically in a large population. The point being that we need to not focus on the tactics used and we need to refuse to be terrorized.

Bruce’s new article talks about the reasons why the psychological impact of terrorist activities (especially attacks on innocents) lead us to infer and then associate the tactical target with the motivation and reason for the attack. We think, “Terrorists attack in order to kill as many of us as they can or disrupt as many of our lives as they can.” This isn’t necessarily incorrect, as the tactical plan a terrorist chooses to employ really is about just such goals, but those goals are also not the true motivator. The point of a terrorist attack isn’t to disrupt our lives or even as simple as inducing terror in the population; almost all terrorists actually have other, larger goals in mind.

We defeat terrorism by refusing to be terrorized, but we do not defeat the terrorists in that way. This is because they will still have their primary goals, and they will not have gotten any closer to them whether or not we refuse to be terrorized. Here are six of Bin Laden and al Qaeda’s goals (from former CIA analyst Michael Scheuer’s book “Imperial Hubris“):

1. End U.S. support of Israel
2. Force American troops out of the Middle East, particularly Saudi Arabia
3. End the U.S. occupation of Afghanistan and (subsequently) Iraq
4. End U.S. support of other countries’ anti-Muslim policies
5. End U.S. pressure on Arab oil companies to keep prices low
6. End U.S. support for “illegitimate” (i.e. moderate) Arab governments, like Pakistan

Terrorism is about terrorizing people. That terror is meant to be a political lever to induce changes desired by the terrorist(s). But terrorism just doesn’t work. In his article “Why Terrorism Does Not Work, published in International Security, Max Abrams analized terrorist attacks and concluded that they are successful at achieving the goals of the terrorists only 7% of the time. Abrams seems to have been rather generous in his measurement of success and failure, giving the benefit of the doubt to the terrorists, so in reality, the number might be closer to 3%.

To defeat terrorism is a very hard problem. It would be much easier if the terrorists realized that terrorism doesn’t work. The vast majority of the time, it does not bring them closer to their true goals. The best thing each of us can do is refuse to be terrorized and to not overreact.

It was obvious that there were a lot of cancellations on Northwest. Fearing that my newly re-booked flight might also be canceled, I asked if this was a likely possibility. “We have no reason to think that there will be any cancellations tomorrow,” was the response. Not quite fully reassured, I prompted them for details about the cancellations. Over 300 Northwest flights had been canceled so far that day (it was not yet 1pm MDT) due to “Lack of crew availability” (which they read directly from their screen concerning my flight, and others’ around me). I asked why they had such large crew shortages. “Because of the weather on the east coast; so many flights out of there had to be cancelled that we now haven’t got crews where they need to be. All flights out of MSP that head east are cancelled for today at this point.” I hadn’t heard about any serious weather, but I hadn’t really been looking in the past few days either.

Then the next problem hit. They were unable to print anything, it seems. They couldn’t print boarding passes for people who were going to be flying, they couldn’t print an itinerary for me (or other people, either). Finally, they hand wrote my flight numbers and departure times and gave that to me on a scrap of paper. While they were working that out, I called my ride (I had been dropped at the Boise airport this time) to get them turned around to come back and get me. While waiting for my ride to return, I made a couple of other calls to people who needed to know that I would not be there to start my class Monday morning.

After returning to the house, I phoned the hotel and rental car agency to push my reservations back for the next day. The hotel was no trouble at all, and I even got the 1 night refunded without any hassles (Marriott properties are great that way). But the rental car agency said that the price for changing my reservation would be an additional $200 for the (less than a) week. I phoned Expedia Corporate Travel, which had been used to book the trip in the first place. That’s when things really came apart.

Expedia’s agent was able to help me reschedule the rental car with Hertz (my first ever time renting from them, but I’m 100% convinced that they are the best now), which turned out to be a few dollars cheaper than the other alternatives now, though the price still did go up. They also double-checked with the hotel for me and things were fine there, but there were problems with the flights. Mainly, their systems now showed that I didn’t have any. They phoned the airline and called me back a couple of times and eventually got us all on a conference call together, where the airline representative told me that my flights were not canceled, that they were almost no flights canceled anywhere and that my flight was about to land at BWI. She also said that their system did not indicate that I was booked for the new Monday flights but that they showed that I had never shown up at the airport at all. This despite the fact that the BIO counter and kisok systems both had pulled up my information, which I pointed out and she said that their systems did, indeed, log such lookups and there were no entries showing that I had been there. I asked if they had any data about anyone being queried from Boise today, which she “couldn’t answer”. She tried to make sound like she couldn’t perform a query to find out, but it really sounded like she knew that I was right and their systems were currently partitioned. In any case, that was the triger that got her to lock me in for the next flight (the one the counter agents at BOI had given me) despite the fact that she had told me earlier in the conversation there were no seats available at all.

After all that conversation (which took about 25 minutes) it looked like I was solidly set to travel Monday morning. Still, Expedia’s computers couldn’t see the flights. After a few minutes asking the Expedia rep some questions, I ascertained that the flights were booked (originally) through Delta Airlines’s systems despite the fact that every single leg was with Northwest. So, I called the special Medalion Members only service line (gotta love some of the perks) and they were able to reconnect the dots, though they were very perplexed that Expedia had booked the flights through them to begin with.

But just for my own sanity, I spoke with the counter agents at both BOI and BWI on Monday. They both said that the flights had been canceled. When the agent in Boise looked up the flight I had been originally scheduled on, that system showed that it had been canceled and still showed the same reason. The same occured at the ticket counter in BWI. This left me feeling like Northwest’s “customer service” center wasn’t really trying to serve the customer but instead trying to cover up the whole thing.

Then, on Tuesday morning as I left my hotel room to head for the classroom I was teaching at, I had a copy of USA Today outside my door. I picked it up but didn’t look at it until lunch. The topmost story on the Money section for Tuesday, June 26, 2007 was titled “Northwest’s flight cancellations surge“. Basically, Northwest’s management is blaming weather from several days earlier for canceling 14.2% of their flights on Sunday alone. Their pilots are blaming it on bad planning by management.

It looks like Northwest is burning all of their pilot’s legal limit of flight hours (some on activies other than flying) so quickly that they can’t fly them towards the end of each month. In addition, Northwest’s management has reportedly refused to rehire furlowed pilots, despite the fact that they know there is heavier demand coming. The USA Today article goes into a little more detail regarding the situation.

The long and the short of it is, if you travel much, I would recommend avoiding Northwest flights in the last 7-10 days of the month, for now. We’ll see if management gets it together in the next couple of months or not. Until then, I know I’ll do my best to avoid a repeat.

BTW: I normally fly out of SLC, but am visiting family in Weiser, Idaho for three weeks centered around the 4^th of July holiday. did check and found that I would have had the exact same experience if I had been flying out of SLC, as there were no flights available on Delta either (those Medalion Member Service Center folks are very helpful and answer all sorts of questions). Apparently, due to Northwest’s high cancellation rates over the whole weekend, all the other airlines seats had been filled as Northwest moved them to other flights and Delta’s had all been filled the day before.

Well, the illustrious and all wise folks at the US Department of Homeland Security have apparently decided that US Department of Homeland Security have apparently decided that they should have copies of the DNSSEC key-signing keys. Given that someone told them that these were the “cryptographic keys to the Internet,” it’s very understandable that they would drool over them.

I wonder how disappointed they’ll be if they succeed in commendiering a copy of the key-signing keys and then learn what they really are; merely the keys used to sign keys used by DNS servers which are authoritative for registered domains, and nothing more.

What’s next? Is DHS going to start demanding the key to every city, too?

I can understand parents wanting to protect their children. Security isn’t always about the actual security. Sometimes, the perception of security is more important than the value of the actual security itself. In this case, parents have a greater peace of mind so they feel more secure.

But what about the children? Do you think that they might be a bit more emboldened knowing they have the armour on? In that case, such children are actually at a much greater risk then they were before. Do you think some would take it off as soon as Mom & Dad are out of sight? After all, many kids have done the same with their clothing.

P.S. If the story was about body armor in the U.S., I would have spelt armour differently.

MiniDisc is an awesome technology. It holds just as much music as a CD on a 2-inch recordable magneto-optical disk in a thin, sturdy plastic casing. The audio quality is quite good.

I’ve had a MiniDisc deck for many years, but haven’t had it hooked up for the past 3 years or so. Last night, I came across my stack of discs while looking for (and finding) some LS-120 floppies. So I decided to dust off (literally) the deck and plug into my home workstation for playback. Unfortunately, I couldn’t find an audio cable to go from stereo RCA connectors to the line-in jack typical of compter sound cards. This afternoon, it occured to where I could look for the cables I kew that I had and, sure enough, I found them. Since then, I’ve been enjoying listening to my MiniDiscs.

The first deck that I had could do both component audio and fiber optic audio for both input and output. That deck went out and I got it replaced with this current model, but the new one does not have fiber optic input for recording.

It’s been nice to research some links for this article as I’ve learned a lot about newer developments in MiniDisc technology and available devices that have come out over the past couple of years. I think I’m going to have to pick up some of the new Hi-MD (my birthday is in May, in case you were wondering) disks and units. It’s also been fun to reminisce about the two years (from 1995-1997) that I was at that mobile DJ company. Good times.

Well, it irritated me enough a moment ago to actually take a look at the full headers of just such a message. Here are the headers added by SpamAssassin:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
       dark-templar.lamontpeterson.net
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.0 required=4.0 tests=BAYES_80,DRUGS_ERECTILE,
       DRUGS_ERECTILE_OBFU,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,URIBL_AB_SURBL,
       URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL,VIA_GAP_GRA autolearn=no version=3.1.8
X-Spam-Report:
       *  2.5 VIA_GAP_GRA BODY: Attempts to disguise the word 'viagra'
       *  2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
       *      [score: 0.8180]
       *  0.0 HTML_MESSAGE BODY: HTML included in message
       *  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
       *      [Blocked - see <http ://www.spamcop.net/bl.shtml?201.83.176.249>]
       *  1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
       *      [URIs: tersho.com]
       *  3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
       *      [URIs: tersho.com]
       *  4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
       *      [URIs: tersho.com]
       *  4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
       *      [URIs: tersho.com]
       *  2.4 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
       *  0.5 DRUGS_ERECTILE Refers to an erectile drug

(Now that’s one spammy piece of SPAM!)

OK, so I took a look at my ~/.mailfilter file on the server:

### SPAM
if ( /^X-Spam-Flag: *(yes|YES) / )
{
   to "$HOME/mail/.SPAM/"
}

Many of my readers may be eagle-eyed enough to spot the problem right away. If you said, “Hey, you’ve got a superfluous space after your closing parenthesis in your regular expression there,” then you got it.

That regex would match either “yes” or “YES” (they are case sensitive). I did this because at some point long ago, I had a rule on a system that used “yes”, but SpamAssassin today produces “YES” and I just didn’t want to have it missing stuff because of something like that.

I decided to further improve this regex so that it might be less likely I’ll have to “fix” it again:

### SPAM
if ( /^X-Spam-Flag: *[yY][eE][sS]/ )
{
   to "$HOME/mail/.SPAM/"
}

Problem solved.

BTW: the term SPAM originally came to be used in the computer world because of the Monty Python Spam sketch.

There were some databases changes that weren’t handled very cleanly by the update script. I had to drop and recreate the DB from my backup (taken just before starting the upgrade process).

One of things that changed was the way that links are managed. The wp_linkcategories table was “replaced” with a new wp_link2cat table. Unfortunately, the upgrade script didn’t complete the conversion process.

Most of the work required to fix up my links was done within the management interface in my web browser. Not hard, but it took a few moments. One of the categories didn’t make it through the upgrade. Several others (but not all of them) from the categories list now show up, too. Upon further examination I discovered that the only categories that appeared were those which were not assigned to any posts, though, it appears in the UI that they intend all categories to be simultaneously usable for posts, pages & links. However, when I tried to assign a category which is in use for several posts to a link, that link no longer rendered.

The change from a separate set of categories for links to a unified categories system was certainly the right direction. It merely appears that testing of that part of the upgrade code wasn’t very thourough.

Writing this post, I discovered what appears to be a new auto-save feature. Every couple of minutes while the focus is in the post body input field, the auto-save kicks in and a text marker next to the save/publish buttons updates to say “Saved at h:mm:ss” (the time on this notebook). Nice!

I remember (vaguely) when Mt. St. Hellens blew its top (we even have a jar of ash from our front yard that we kept). That one event released more “greenhouse gases” than all industrial and automotive emissions since man started industrializing. Yet, the environment overcame it (and fairly quickly, too). I read an article about a year ago about how man didn’t clean up all the ash (and the environment is still “self-cleaning”) in one valley.

Reading Fozz’s comments, the thought returned to me that any attempt to state that the quantity of greenhouse gases that man produces are responsible would require hard numbers on the total amount of energies across the spectrum that reach the Earth (reaching the upper atmosphere, penetrate partway and reach the surface). I’ve never heard or read about any good continuous measurements being taken on an ongoing basis. Maybe you have; if so, I’d love to hear about them.

In all the reading that I’ve done, I find it highly unlikely that the puny quantity of gases we produce could account for the observed changes. We just don’t have numbers going back long enough to determine whather this is just part of a normal cycle or not. We have some evidence that goes back a few hundred years that let us make some guesses, but not enough to really extrapolate a pattern with enough certainty to begin answering such questions.

In the 50’s & 60’s, there was a significant concern around the world about global cooling. It wasn’t until the mid 70’s and early 80’s that we reached the point where those fears were gone, only to be replaced with the current global warming concern.

Here’s my theory about man’s activities and global warming: I think that direct heating, thermal-punping and surfacing account for the vast majority of man’s contribution to global temperatures. Burning fuel to produce heat for the home, energy to move a car and so forth produce a lot of heat. Covering large areas with concrete drastically alters the thermodynamics of the Earth’s surface.

Another thing to remember is that almost all the data is about surface temperatures, as it should be. The temperatures at the surface are responsible for the climate that we have to live with. That’s the part we experience. Again, if there’s been a study with correlating data about temperatures aloft.

Overall, I just don’t think we have enough data or enough understanding of how the planet works to be able to properly asses the state of the Earth nor the true impact man has upon it. Scientists want to take the numbers and produce an equation that explains it all, but we can’t. We don’t have the data and even when we finally do, I think the equations will be far more complex than anyone today would ever conceive.

It seems that “global warming” is poised to become the next warm-n-fuzzy (no pun intended) political issue. I believe that we will be hearing a lot of politicians glom onto this “issue” over the next couple of years.

Taking a look at the bullet points in the article, the very first one jumps out and says to me, “I’m the #1 reason that Microsoft reimplemented their TCP/IP stack from scratch.” That one reads:

Dual IP layer architecture for IPv6

After all the embarasing failures to produce a workable IPv6 stack (I first remember seeing “beta” code from Microsoft in 1999), it would seem they finally realised that the whole thing would have to be rearchitected.

Most of the bullet points in the article are fluff with a little bit of BS thrown in there two (obviously, the marketing department is still in full control of the Microsoft’s website). Lest you think I’m only here to bash Microsoft, here are some things that looks like improvements to me:

The interfaces in the current TCP/IP stack for TCP/IP security (filtering for local host traffic), the firewall hook, the filter hook, and the storage of packet filter information has been replaced with a new framework known as the Windows Filtering Platform (WFP). WFP provides filtering capability at all layers of the TCP/IP protocol stack. WFP is more secure, integrated in the stack, and much easier for independent software vendors (ISVs) to build drivers, services, and applications that must filter, analyze, or modify TCP/IP traffic. For more information about WFP, see Windows Filtering Platform.

This isn’t exactly new. Windows has had hooks into some parts of the network stack. Windows XP Service Pack 2 added some more key hooks. But one of the problems with the pre-Vista implementations is that tools which used these hooks couldn’t be guaranteed to always be able to process traffic. Although I haven’t gotten in-depth details of WFP, what I have read about it’s architecture it looks like it’s much more robust and complete.

The Next Generation TCP/IP stack can offload the processing of TCP and other types of traffic to Network Driver Interface Specification (NDIS) miniport drivers and network interface adapters. Offloading TCP and other protocol processing can improve performance for high-bandwidth networks or high-volume servers.

Although some NICs (mainly 3Com) have offloading engines that can take much or most of the load of IP and/or Ethernet packet/frame contruction and processing from the main CPU, thus freeing it for other tasks, the networking configuration of a particular Windows machine often prevented such offloading from occuring. Although I do not know any of the details as to why this happened, I have been told (by people who would have such detail) that it was due to the networking architecture of Windows. Again, I don’t have much detail on the architecture of this new feature in Vista, but what I have read leads me to believe that the new stack will make these NICs more useful as well as being easier for driver writers to implement.

The architecture of NDIS 5.1 and earlier versions limits receive protocol processing to a single processor. This limitation can inhibit scaling to large volumes of network traffic on a multi-processor computer. Receive-side Scaling resolves this issue by allowing the network load from a network adapter to be balanced across multiple processors. For more information, see Scalable Networking with RSS.

This is a much needed improvement for some systems, like Data Center Server (which already had something similar) and some beefier Windows Server boxes, but will not benefit end users much. If you were running a game that only utilized 1 of your multiple processors, theoretically, having the ability for the other processor to take over the networking processing would improve performance. Realistically, I doubt you could see the difference. Still, this is another welcome improvement in design.

The Next-Generation TCP/IP stack has an infrastructure to enable more modular components that can be dynamically inserted and removed.

Welcome to the 21^st century! Linux has done that since kernel 2.0 was released (the first version that supported kernel modules).

The Next-Generation TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after settings are changed.

Of course, Windows 2000 supposedly eliminated almost all the code paths where networking changes that would require a reboot. I remember a Microsoft event where they told me that NT 5.0, as it was still called at that point, only had 6 remaining code paths (down from 27 or so) with the whole OS where a configuration change would require a reboot. However, in practice, most people experienced a need to reboot the system to make common networking configurations changes actually effective approximately 1 out of 2 times such changes were made.

One could also read, “We changed the configuration storage methods so you won’t know where to look anymore,” into that one.

From a security perspective, I’m very concerned about their new Inspection API (emphasis added):

The Next Generation TCP/IP stack exposes an Inspection API, which provides a consistent, general-purpose interface to perform deep inspection or data modification of packet contents. The Inspection API is part of WFP. The Next Generation TCP/IP stack provides access to the packet processing path at the Network and Transport layers.

So, it’s easy to hook into the Inspection API and use that to modify network traffic. It looks like it would also be trivial to inject any traffic you wanted to. Given the definition of the word inspection, I wouldn’t expect to find a modification mechanism integrated into the same sub-system.

Having a good set of instrumentation hooks into the entire network stack is important for certain types of software development, security research, auditing and a few other things. None of these should be taking place on production machines. However, it looks like Vista does not provide a way to disable the Inspection API. This could be used by a malicious program to monitor any network traffic it wanted to, or even to implement network communications that could possibly be entirely hidden from other programs (including security tools) and users. At the very least, the Inspection API should not be installed as part of the OS. Even the ability to disable it might not be enough, especially given Microsoft’s security track record.

Overall, however, I feel that I can agree with some of the reasons it appears were behind Microsoft’s decision to reimplement the TCP/IP stack from scratch for Vista and I feel that there are several valuable improvements.

That said, I still do not consider Windows networking stack, even the new one in Vista, to be remotely secure. There are too many unknowns and there is no proper, un-biased, third-party code scrutiny. Closed software simply can not be secure. Peer review by recognized outside experts is mandatory in order to build good security. That’s why burglar alarm companies invite ex-cons and security experts to do their best to penetrate their systems. That’s why insurrance companies do the same with all automobile security systems (as well as letting them asses the relative value of each system for their purposes). Microsoft doesn’t understand that and there’s no reason, from their perspective, that they need to; they’re in business to make money. Until the liability for bad security is placed on Microsoft (and other software vendors) there is no incentive for them to fix it.

So, I used KTorrent to download the DVD ISO for the x86-64 version of openSUSE 10.2, which I let run overnight (3.7GB takes a little while on a T1 line). I verified the MD5SUM on the ISO file and tried to use cdrecord to burn the image to a blank DVD. 865MB in, ka-blooey. A write error meant I had a Frisbee (or coaster, if you prefer). “OK, well that could just be one bad disc,” so I tried again. Same thing. “OK, perhaps if I turn the burn speed down,” but I now have 3 discs with ~865MB burned on them.

So, I installed k3b and tried to burn from the DVD image with that. It worked like a charm.

I’m not sure what switches k3b used, but it did run growisofs before starting the burn process. I’m not sure whether that was important or not. The cool thing is, this is an example of a frontend that is done right. With k3b, all sorts of burning situations are just handled. It will work with all sorts of disc burning and image related tools, can use transcode when creating audio or “MP3″ CDs, has DVD aware support and so much more.

What a sweet Christmas present for a 5-week old little girl to give to parents; the first time she slept through the night. :)

Merry Christmas, or whichever greeting is appropriate for you. We wish you all the best.

The IMMI phone randomly samples 10 seconds of room audio every 30 seconds. These samples are reduced to digital signatures, which are uploaded continuously to the IMMI servers.

But why would they do that? Money, of course:

IMMI also tracks all local media outlets actively broadcasting in any given designated media area (DMA). To identify media, IMMI compares the uploaded audio signatures computed by the phones with audio signatures computed on the IMMI servers monitoring TV and radio broadcasts. IMMI also maintains client-provided content files, such as commercials, promos, movies, and songs.

By matching the signatures, IMMI couples media broadcasts with the individuals who are exposed to them. The process takes just a few seconds.

Panel Members may sometimes delay watching or listening to a program by using satellite radio, DVRs, VCRs, or TiVo. IMMI captures these viewings with a “look-back” feature that recognizes when a Panel Member is exposed to a program outside of its normal broadcast hour, and then goes back in time (roughly two weeks) to identify it.

Now, let’s think about this just a little. If anyone in a given room has bought into this free cell phone scam (yeah, that’s right, I’m calling it a scam; you gotta problem wit dat?), then they have chosen to give up their privacy. But what they probably don’t realize or think about is that everyone else in any room they are in has just lost his/her privacy and they don’t know it.

Personally, I want to know what these “special” cell phones look like so I can recognize them. When I see one, I’m going to politely ask the “owner” of it to remove the battery. I’m sure they’ll look at me funny, but I’ll calmly, patiently and very briefly explain why. If they refuse, then I will ask them to leave the room or bury the phone in a purse, briefcase, coat or computer bag where it can’t hear anything.

I wonder what will happen when the first lawsuit is filed against the company for breaching other people’s privacy. I mean, since I haven’t signed their agreement, they are violating my privacy by placing the device with an irresponsible person who would allow it to be in the same room as me.