Tim Hardy

Apologies to anyone who’s been having trouble reaching this site in the last three days. I’ve been having major power problems so the server has been going up and down repeatedly. Power is back up at the moment but will definitely go down again on Monday when the fifth electrician to visit in five days tries to fix the underlying problem and undo any damage caused by the first four.

These guys charge between £85 and £135 callout fee for the first hour. I’m in the wrong business.

Chris Anderson thinks we are “seeing a shift from mass culture to massively parallel culture”.

It’s an interesting essay on the way in which the memes you assume everyone knows turn out to be the in-jokes of minorities with the same niche interests. Watch the blank stares when you inform a group of non-geeks, “All your base are belong to us”. To outsiders, the l33t are merely ill33terate.

I’d question, however, the assumption that there was ever a meaningful water cooler culture. Certain people with no real lives or interests of their own place an excessive value on the vicarious pleasure they get from following the antics of celebrities, the vicissitudes of soap stars and counting the number of times some men can kick, throw or carry balls over lines, across nets and into holes. Water cooler culture was never more than their arrogant and vocal assumption that everyone else shared their narrow world view or cared about what they thought of last night’s television or last Saturday’s game.

I love literature but I don’t force my opinion of the latest Saramago onto people I know don’t read. I love linux but I don’t start conversations with strangers about what features I expect to see in the 2.7 kernel. I too rarely see an equal courtesy from self-styled football fans or the television addicted.

The dullards who bend my ear in offices, taxi cabs and hairdressers don’t have the imagination to realise that others may not necessarily share their interests. At least the geeks sniggering at a Goatse t-shirt in the New York Times are sniggering because they know it’s a private joke.

I want to believe I’m immune to advertising. I distrust it. When it’s clever, I distrust it even more.

An advert for a product I might buy triggers me to put on my tin-foil hat. The voiceover man is a liar. The headline is untrue. They’re trying to steal your money. Don’t even trust the smallprint.

But when the product is not something I might buy the advertising message slips into my unconscious unchecked and unnoticed.

Years later, when I’m finally in a position where I need something like a washing machine, I have a set of prejudices formed and honed by all the adverts I’ve seen without noticing. I think I know something about the product. Overwhelmed by choice, I fall back into the refuge of illusory knowledge. I choose something that seems familiar even though the source of my information about it is utterly unreliable.

Rackspace have high-profile advertisements every month in Linux Format. Their services are overkill for my needs so I’ve never considered them as a host for my own personal webspace. But when asked to find a hosting company for a friend’s business, guess which was the first company I called? I had skimmed over their adverts without reacting for twelve months but when I needed a product of their calibre I discovered part of me had been paying attention.

Advertising on the web behaves differently with its expectation of an instant clickthrough. Online adverts are used more like a point-of-sale displays near a shop checkout, inviting an impulse buy. Surfers must buy now before they get away.

Because of this advertisers are obsessed with clickthrough rates and the possibility that these can be spiked. These anxieties give rise to a market exploited by companies like BlowSearch that claim to beat click fraud.

This model is fundamentally flawed. It ignores the cumulative effect of thousands of unclicked adverts on future purchases. It’s too crude and gives rise to irritating flashing banners and other short-sighted attention grabbing schemes that make people install ad blocking software because nobody can concentrate on what they’re reading when someone is shouting BUY MY STUFF NOW! at them.

This insistence on instant purchase reflects a fundamental lack of faith in the persistence of the web. It’s an anxiety that surfers may never revisit this page and see this billboard again so their custom must be won now and in this instant or be lost forever.

I do most of my browsing via RSS because I’m sick of the way adverts clog up the sites I want to read. Now adverts are coming to RSS. You can’t escape them. Popularity is expensive and revenue must be found to pay the bandwidth bills.

So until someone finds an alternative way of funding websites, I hope at least advertisers will learn to relax a little, stop worrying about clickthrough and stop shouting. The web’s not going away. It’s part of our world now, for better or worse, like television or radio.

Subtle adverts will win customers in the long term without alienating them in the present.

I’ve been using Suse since 8.1 and I love it. I was moving around a lot when I started with linux and often didn’t have dial-up, let alone broadband. Having seven CDs (and one DVD) full of applications and the source code was a major selling point.

The installer is intuitive and the documentation is very thorough. Everything is well integrated and the security updates are excellent.

I paid for upgrades all the way to 9.1 but since then I haven’t had the money to spare to pay for an update every six months. 9.2 is available for free download. That’s what I’m running on my desktop and laptop and it works well for me.

My sources list in YAST (the main Suse configuration tool) plugs into the Suse ftp sites so when I want to install something it downloads it from there and handles all the dependencies.

yast -i $package is every bit as easy as apt-get install $package.

There are several things that annoy me about Suse including the way subfs mounts hotplugged devices with a name derived from the item id number (fixed in 9.3) and the distributor’s caution about codecs meaning it won’t play encrypted DVDs out of the box. The latter is easy to fix, the former too hard for me.

I’ve installed Debian 3.1 on another partition and am dual-booting now but I find I’m still using Suse all the time largely because I haven’t got round to copying over my bookmarks, firefox extensions etc. into Debian. The Debian installer is not as polished as I expected it to be and configuring X was a PITA that took me back to my very first fumblings with linux (Redhat 5.1 I think?). However, once I’d got past that little hurdle, I was presented with an installation that seems rock solid and responsive.

I haven’t played enough to go beyond that superficial impression.

It’s on the todo list - along with a whole lot of other things.

I’ve been inspired and encouraged by Dougal and Michael to tie together their respective spamblocking scripts. I’m testing the hybrid now.

Assuming all works as planned, if a spambot is detected and blocked by Bad Behavior, SpamValve will also take its IP address and log the abuse. Five offences from the same IP and the address will be blocked at the firewall for a couple of days. Any bots missed by Bad Behaviour that trigger the heuristics built into Wordpress will also have their IP passed to SpamValve.

My changes are crude and can definitely be improved. Consider this a proof of concept. If anyone wants a copy please contact me via =timhardy or leave a comment below.

NB a new update is available for Bad Behavior (which I notice I’ve been misspelling “Behaviour” in the English fashion until now) bringing it up to version 1.1.1.

Just my luck. In the week I’ve been testing spamvalve I’ve had no comment spam… until 5am this morning.

The spammed post was viewed by one IP address then, moments later, a comment was left on that post from a second IP address which then (re)loaded the entry. My traffic is low enough to make it highly probable that the first IP address and the second belong to the same person: neither IP address resolves to a known host so I assume they’re both spoofed.

The post was clearly spam: a vague meaningless statement along the lines of “great info guys thanks” linked to a portal site. It didn’t trigger Wordpress’s built-in spam defences nor the spamvalve plug-in.

By default any comments on this site have to be approved by me before they show up, unless you’ve been whitelisted following a previously approved comment. Clearly this little spambot is designed to move on and spam elsewhere if its comments are held in a moderation queue. A well behaved spambot, who would’ve thought it?

So, I’ve just had one spam to delete manually but the reminder that there’s nothing to stop a spammer from spoofing a different IP for every request thus preventing blocking by address from working. Spamvalve will prevent a less well behaved spambot that makes multiple spam posts from one IP from bringing down your site with unwanted traffic but it’s not a magic bullet.

(To be fair, Dougal never claimed otherwise:

The plan I’m proposing won’t do anything to stop a large number of hosts who only send a couple of spams each. Those will have to be caught by the other anti-spam measures such as content filtering. What I’m primarily aiming for is to keep the worst of the repeat-offenders from tying up my resources for no good reason.

Comment #16 on Spammers should all DIE DIE DIE)

I’m just fortunate that I’m not yet on the spammers radar: obscurity has its advantages. But it’s annoying not to have the chance to properly test out my defences. I’ll regret those words when the storm hits.

There’s a new update for Michael Hampton’s Bad Behaviour anti-spam plug-in out today for anyone using it. I’m going to update and re-enable it from today and keep it running in parallel with spamvalve. I think it’s safest to have several different anti-spam tools in your arsenal.

Of course, the only sure way of blocking comment spam is to blacklist based on the sites the comments link to but that seems an unrealistic goal. Or is it?

Hot on the heels of yesterday’s post comes this news:

Microsoft and the entertainment industry’s holy grail of controlling copyright through the motherboard has moved a step closer with Intel Corp. now embedding digital rights management within in its latest dual-core processor Pentium D and accompanying 945 chipset.

Intel quietly adds DRM to new chips (via Bruce Schneier). Let’s just hope Don Marti is right.

When catching up with an old friend, I told him about my recent fascination with open source. He confided that he didn’t see the need: “My brother’s really into that too, but…” He lowered his voice. “Personally I’m happy to use pirate software.”

GNU/Linux is free software in two senses of the word: it doesn’t cost anything for the right to use it (”free as in beer” as the perplexing cliche has it); and it is supplied with the source code and the right to change it as you desire (”free as in freedom” - or, as Edward Felten puts it, “the freedom to tinker”.)

Pirate software is free as in beer. To the non-programmer with no qualms about the legality and morality of their actions, that is the only thing that mattters.

Open source demystifies software and encourages everyone to participate in its creation by giving them the tools and information with which to do so. But most users are frightened of machines. To someone fascinated with finding out how things work, open source is a great gift. To someone who wants an invisible computer that “just works” it is irrelevent.

Or is it?

I use linux as my desktop OS but I’m not a purist. I have been quite happy to install a free but closed source binary on a laptop for a friend who would never think of writing a macro let alone grepping through code to tweak a feature he didn’t like. I’m happy to taint my own kernel with Nvidia’s closed 3D drivers. But when I see the politicians throwing their weight behind calls for Digital Rights Management, encouraged by old media with deep pockets, I am reminded of the political side of open source and that “free as in freedom” means more than “the freedom to tinker”.

Perhaps zealots like Richard Stallman are society’s last defence against a creeping reduction of rights. The dystopian in me can only too easily imagine a future in which only government licenced software engineers are permitted to own programmable computers and the rest of the population make do with dumb consoles that are little more than fancy televisions.

Don Marti, editor in chief of Linux Journal has no time for such elaborate pessimism. DRM is doomed he thinks because of the free market. It doesn’t make good business sense to develop it or invest in it. If You Don’t Believe in DRM, It Can’t Hurt You.

As a humanities graduate who didn’t begin to tinker with computers until 1999, I have been so awed by the achievements of those who built the software that now forms part of our daily reality that I seem to have absorbed the message conveyed by a pantheon of set-up wizards and druids, that programming is an arcane art indistinguishable from magic.

I started with Windows. I considered myself, at first, a user of software. Then as I grew in confidence and began to tweak applications more and more, I became the office geek: the guy you came to when you had a problem and didn’t want to deal with the patronising sarcasm of the help desk.

I was a fledgling power user, perhaps, but that’s still a user. I wanted to go further. Windows was this impenetrable black box and all I was doing was changing the stickers pasted to its exterior. The Magic Inside ™ was still a mystery.

Switching to linux placed me at the base of a near-vertical learning curve that, after two years of use, has become a pleasant climb. GUI tools held my hand while everything was new. When I was ready, the command line showed me a glimpse of its power. From chaining commands to scripting seemed a natural progression and I began to taste the satisfaction of automating repetitive tasks. But I still felt like a user.

“I know how to write a bash script, how to pipe the output of one command line application into another and control the whole thing with loops and conditionals, but I don’t know how to program,” I thought a few months ago. And so I sat down and began to learn C++. While I’d belittled the shell scripts I’d written and used daily, I finally felt like I’d grown an honourary beard. Now this at last was real programming.

Learning about the C++ standard library, my first reaction is one of awe. That I can define something as a string and then, by virtue of having done so, find out how many characters it has without having to write an explicit routine to count them strikes me as beautiful. But then I feel doubt. Are not strings in C++, therefore, effectively microscopic applications? Is there any radical difference between tying together a series of command line apps like sed, cut and grep with a script and using the standard library when coding in C++?

When do I get my magician’s hat? Is what I am doing not in the end real programming? Do I have to wait until I’m writing my own code libraries or go closer to the metal still and write in assembly?

Or perhaps there never was any magic after all - just brilliantly engineered slight-of-hand.

Dr. Ari Jaaksi of Nokia explains their choice of operating system for the forthcoming Nokia 770 Internet Tablet:

We get our kernel from kernel.org. The processes and package management [come] from Debian. We consider Debian to be the most advanced and most alive, truly open-source distribution.

It is important that Linux for the 770 is not controlled by any company. We go straight to the source. None of the distros were ready for Nokia hardware anyway, and we have internal expertise, so why go through a commercial vendor?

We are in this for the long run. Too many middle men is not a good strategy.

The 770 looks like it will be a beautiful device.