FUDCon 2011 — after my presentation

So I’ve just given my presentation at FUDCon on some basic security strategies to install on your system.

People seemed receptive. A couple of the ideas that came up was the use of denyhosts before I mentioned it, and a bit of controversy over the root user. People were suggesting the use of keys instead of passwords for the root user, and using sudo instead of allowing direct access to root.

The pairing with someone else worked ok for me — I started at 14:30 and got through all my slides in 20 minutes, including a few questions and comments; I did have to go a mile a minute though. The other person, who did an exposé on the Fedora Security Labs spin, however, had to skip a few of the things he wanted to do and talk about. His presentation was nonetheless interesting.

As I said people were generally receptive and respectful, and people generally recognised that my presentation covers basic security that anyone and everyone should do, and that it’s not necessarily intended to cover all cases or massive networks.

FUDCon 2011

Here I am at FUDCon in Tempe, Arizona.

First off, on a side note, I knew that Arizona was warm. But I left late January and came to early September. I’m blown away that I don’t even need a light jacket let alone a parka. This is the kind of weather that would be nice all year long, but I hear that Phoenix is a bit too warm, certainly for me, in the summer … 🙂

Currently I’m in a Fedora Board Meeting or whatever where things along the line of discussing the future of Fedora and how people can get more involved. Jared, the current Fedora leader, has 15 “short list” goals up on the screen, basically discussing general lines of how people can contribute and how the project can get the right people to the right job, as well as “how to get there”.

This morning I attended a talk given by an anthropologist who studied the Fedora community, such as through a previous FUDCon, and discussed her findings and how people were involved, why, and all sorts of interesting stats.

During the next session I’ll be giving my presentation on Strategies to Secure a linux system, but given the number of talks, the BarCamp style voting, and the available time & rooms, I’ve been paired with another presenter who will be discussing general security practices; his presentation is supposed to be general in nature, while mine is technical and a specific list of things to do, so perhaps this will work out nicely since he’ll presumably talk about “you should allow this and disallow that” while I discuss “go here and do this, and here are the menus to click or the command line how”. The person seems quite nice and we’ve agreed to speed up our presentation speeds and divide the time more or less equally amongst ourselves.

To be followed.

FUDCon 2011: Almost here!

So I’m quite excited about my upcoming attendance at FUDCon.

I also have some (sort of, depending on your perspective) answers to my questions, gleaned from a couple of discussions on IRC:

– People are available on IRC — Freenode at #fedora-fudcon. However, over the past week it has seemed quiet, but people are there and do answer questions and will chat.
– A list of the available restaurants was provided to me. It includes restaurants, take out (I’ve heard of Five Guys, Burgers and Fries, I’ll have to try them out), delivery places (heavy on pizza — let’s hope they can make it right, pizza outside of Quebec is a strange beast, even the good stuff), and at least one brewpub, which is in walking distance of the conference. The list will be provided in the information package given out to everyone upon registration/check in. Which means that, as I pretty much expected, people are on their own for food the whole time, just as I will be during the rest of my vacation in the area. Nice to know, though. Hopefully any further information different from that will be communicated, as I’m sure it will be.
– Yes, a projector will be available.
– And for the fun part, the presentations will be judged/refereed along the lines of “On Saturday morning, there will be sign up sheets for the various presentations. Those with the fewest sign-ups will be dropped or combined with other similar presentations according to the number of presentations and the available space.”

Also, I still have to figure out how to either not freeze on the way to the airport in Montreal, and then back home, or not boil to death with my parka when I arrive in Phoenix. Around here in Montreal this time of the year, “warm” is about -10C to -25C, without the wind chill. Phoenix area, “cool” is around +4C; “warm” is about +17C. Sheesh, to me that sounds like mid to late September, not late January. 🙂

FUDCon, Tempe, Phoenix, and the Grand Canyon, watch out, here I come. I’m a LUzer bay-bai, so why don’t you flame me? 🙂

FUDCon 2011 — Tempe, Arizona

Well, here I am, I finally did it. I’m going to FUDCon 2011 in Tempe, Arizona.

After months of saying to myself and friends “Oh I think I’d like to go do this” and asking my brother if he’s interested, and telling all sorts of people “Yep I’m doing it, I’m thinking about doing it, I’m still in the talking about it stage; I just haven’t committed to it yet”, I bought my airline tickets a couple of weeks ago to go to Phoenix, Arizona, and made reservations at the hotel. (Yes, the nice people at the hotel, months after the block was “closed”, graciously gave me the Red Hat Group rate for 6 out of 7 nights — quite the savings!)

So I’ve been working for the past few weeks at translating, updating, revising, rationalizing, etc. a presentation on System Security I presented at my local LUG a couple of years ago. (Of course it’s not in English, silly, why do you think I’ve had to work on translating it?) I’ve also been following the wiki page for the event. I even have my Fedora Friend Finder ready to bring with me.

But … apart from a few blog posts here and there, and of course the availability of the administrative notices / minutes from the planning meetings, I haven’t found what appears to be, let’s say, an online forum where FUDCon is being discussed. (Yes, I know, there’s Planet Fedora — however, it seems to discuss pretty much everything under the Red Hat sun.) The kind of place where people discuss what they’re doing outside of the formal event structure, when they’re arriving, asking questions of participants of previous such events, and so on. Basically, chatter.

I’m wondering a few things, and hope that perhaps this post will help me out in at least finding a nudge in the right direction:

– Is there a forum where people are virtually gathering and discussing the plans and attendance and logistics and so on surrounding going to FUDCon? You know, chatter?
– Assuming that my presentation isn’t tossed for being too long, too technical, too boring, out in left field, or targeted to the wrong audience (it’s sysadmin stuff, not development), will there be a projector available? Will I need my laptop — which I’ll of course have anyway — or just a USB memory stick with the presentation on it? (OO.o format, or PDF? Of course I’ll be ready for all of these circumstances.)
– Regarding my presentation, will someone be wanting it to be submitted in advance for the part about “Refereeing for technical sessions”? Or will “in advance”, in keeping with the “so do not worry about competition” part, mean half an hour before the “Orientation, BarCamp pitches and scheduling” at 9:00am Saturday?
– I signed up after the 140 cut-off mark for food and swag. I don’t have a problem with the basic concept per se: you snooze, you lose, you should have signed up earlier. However, I’m just wondering what the real implications to this are — to what food is being referred? Breakfast, lunch, and supper throughout all the event? Snacks in the hospitality suite — no green stamp on your name tag, no food? A few chits for free meals, given to the first 140 people, at the Student Union cafeteria where a lot of people presumably will eat during the breaks? Food during the FUDPub, at which Red Hat “will be treating everyone to food”? (Or just the first 140 — everyone else with a differently-marked name tag will have to pull out their wallets?) I’m just trying to figure out logistics, that’s all; I’m trying to find the ad for the advertised food, so that I know what’s being discussed. Money isn’t the issue; I’m just looking for some kind of indication, that’s all.

Well, that’s off my chest.

In other directions, I guess I now have to prepare my laptop for going through customs:
– set up an automatic login (a warning against which is in my presentation);
– do a bit of a system cleanup (a suggestion about which is in my presentation);
– remove some privileged information and make sure that it’s really wiped;
– realize that US Customs probably won’t care about my computer, and that the only people who might will be the airline — and hopefully only be amused at the XRay area when they see the square, plastic bucket I carry it in (but hopefully not say that’s it’s oversized, which it shouldn’t be. The primary airline’s limits are 23 cm x 40 cm x 55 cm; the secondary airline’s limits are 23cm x 35cm x 56 cm. I’ve just checked, and it fits.)

Free PDF splitters, and other crippleware

Yesterday I downloaded a PDF splitter to use on my MS computer at work. And I got bitten, hard. I wouldn’t exactly call it crippleware; most people expect even crippleware to be minimally useful. This piece was not.

I shall quote the message that I sent to their support email addy:

I am writing to let you know that your free trial download for the PDF splitter is not a useful piece of software at all, for the simple reason that it intentionally and flagrantly renders the split documents useless by inserting the “watermark” — a large message spanning the diagonal of the page, in cherry red characters, saying “in order to remove this message please visit our website” — across every page of the document.

Were it to put a far more discreet message along the top or bottom, this might be tolerable however ugly it would be; however, it is hardly of any value to anyone wishing to take advantage of the “15 free uses” or somesuch in order to evaluate the software before deciding to purchase it; in fact, I expect that most people downloading the evaluation copies are immediately turned off by this malfunction.

Obviously, I don’t expect a response from them, at least not a useful response. Obviously, I would never have bought the software to begin with were I to have had a good experience using the software — I admit it, I’m cheap.

And sure, I should have thought things through a bit better and (as I mention below) install Ghostscript to do the job. Sure, I was in a bind and embarrassed myself and my employer in front of the client.

So of course, the following reactions come to mind:

– What, the programmer(s) wanted to show off their skill at insering “watermarks”, and that are ugly to boot?
– Or did the programmer or company put more thought into the dollar signs floating in front of their eyes than, oh, I don’t know, producing a piece of software that someone may actually wish to buy?
– Or did the Marketing Department convince the programmer’s supervisor that the watermark had to be put in?

And on a personal level:

– I should install ghostscript and run:
“gswin32c -sDEVICE=pdfwrite -dNOPAUSE -dQUIET -dBATCH -dFirstPage=m -dLastPage=n -sOutputFile=out.pdf in.pdf”
– I should stop trying to delude myself that there won’t be an ever increasing number of useless PDF tools out there that require you to buy the product before getting a true evaluation copy;
– When using my work computer, stop using a Windows mentality, and apply a thing or two that I know how to do under linux.

Of course in the short term, what I did was speak with the secretary very nicely, who has Adobe Professional to split the file, and she did.

My point should be clear: If you want to sell your software, go right ahead; I won’t be buying it anyway. And if you want to give away a trial period during which people can, well, try the software, go right ahead; I may try your product during the trial period. But why give a free trial period (in the case above, 15 operations) that reflects poorly on the company and actually annoys your potential customers?

Powersurge is a hit!

A few months ago I found a computer on the sidewalk and installed PC-BSD on it. Once I got over the novelty of having done an install, installed something sufficiently “different” from that to which I’m accustomed, etc. etc. etc., the computer languished on my floor beside my home server with no purpose. I never bothered trying other linux distros (partly due to what proved to be the spaghetti wiring inside making my original install seem like a fluke, as it turned out, since I subsequently had trouble booting in and getting the CD players to work), and finally offered it to my brother, who said it’s been a while since he’s had a home server.

To recap, it’s an AMD 1000MHz with 512megs of memory, and to my surprise, an 80gig hard drive (I seem to recall having gotten about 36Gigs out of it with the PC-BSD setup.)

Last weekend we installed Fedora 13 on it after figuring out the spaghetti wiring inside. He brought it home from the cottage, did the updates and started doing his custom setup. Since it’s been a little while since he’s used Fedora — using CentOS on his production servers and having converted to Ubuntu on his desktop, he was impressed at how peppy the Gnome desktop is, and how polished and stable overall the distro is.

And finally, it seems that the problem of it not booting up a few months ago at the cottage has been solved: it seems that it was a defective power cord. The machine worked everywhere else, and when we went through my set of power cords, one didn’t work, so we figured out that any possibility that the previous owner thought it had been fried in a power surge — hence the name of the computer — was due to a faulty wire, that probably came with the computer on the side of the street.

Thank you CNBC!

I noticed something this afternoon on CNBC. A listing was “To Be Announced”. It didn’t do much other than to grab enough attention so as to get filed in the back of my mind. Right now at 22:00 Sunday August 22 2010 EST the show is “House of Cards”, about the recent credit crunch and foreclosures, and the schedule says “To Be Announced”.

There are three more such one hour slots announced as “to be announced” tonight. I have just checked the schedule as far as there’s data; these are the only four such slots.

In the past week or so my impression of the CNBC schedule is that the accuracy rate of the announced schedule vs. the actually broadcast show has shot up.

I bet they got around to finally reading at least my first post, and possibly the others.

It’s about time.

Thank you, CNBC.

(I hope. As in, I hope I’m not taking credit where it’s not due.)

Oreo uses linux?

There’s an Oreo commercial with a father and son eating Oreo cookies together at son’s bedtime via the internet while Dad is on a business trip somewhere it’s morning already. I’ve seen this commercial a few times over the past I don’t know how long.

A quick glimpse at the boy’s laptop screen makes me wonder for the umpteenth time — is that a Gnome desktop with a Fedora blue?

Obviously as usual it’s a quick, oblique view of a screen whose resolution is just fuzzy enough that it’s hard to tell. The basis of my hope is, as stated, the Fedora blue background, plus the white taskbar at the top of the screen and what appears to be the Gnome menus.

Anyway, yet another entry in the “I hope I’m not disappointed again but it probably isn’t linux use” in commercials game.

News Flash — Linux spotted in the wilds of Montreal — again!

Back in January I mentioned a chance meeting with someone on a commuter train using Fedora on their laptop. Well this afternoon, I had another such chance meeting in a pub.

At a 5 à 7 (Quebec speak for “Happy Hour”) at Hurley’s Irish Pub on Crescent Street this afternoon, I walked by someone with a laptop listening to the Irish musicians, and almost walked by, the Ubuntu icon in the corner of the screen was so familiar (despite being a die-hard Fedora user). I realized my error and exclained “Wow Ubuntu in the wild!

I got a quick look at Ubuntu Netbook Remix using Chrome. Dan, the user, said that though he uses Firefox at home on his desktop, he finds that Chrome is way faster at least on his netbook. He said that the machine came with another Linux distro when he bought it, which he didn’t much like, so he reformatted.

Well, Dan, you made my day!

CNBC, why can’t you just say “Programming To Be Determined”?

Well, it’s time to collectively put on our tin foil hats again. I’m not sure if there’s a Mea Culpa here from me, or if this merely firms up my idea that CNBC should “Announce what they’ll be broadcasting, and broadcast what they announce.” Or perhaps at least announce “Programming To Be Determined”.

Here are my previous entries on the subject: CNBC, take a lesson from the March Hare: Announce what you’ll be broadcasting, and broadcast what you announce and More on the CNBC schedule.

The base of my argument is that for a significant number of time slots, outside North America’s Eastern Time Zone’s business hours Monday to Friday, CNBC’s announced schedule isn’t particularly reliable. Possibly, in Canada only (since I get the Canadian feed, not the American feed.)

My argument isn’t with what is announced, or what is broadcast; in fact, on weekends, often while there are a lot of timeslots announced to be infomercials, the actual broadcasts are shows that are far more interesting (at least to me, and I suspect to the target CNBC viewers), such as “American Greed” or another one of CNBC’s excellent documentaries on businesses, products, and business people, or investigative reports. At other times, the shows that are broadcast instead of the announced shows are of equally high calibre. Finally, at other times, live market shows are shown instead of the announced shows, such as Squawk Box from the Pacific Region (Australia, Japan, China, etc.).

My argument is with the fact that the announced schedule and the actual broadcast schedule don’t match. In a chronically rampant fashion (and yes, the differences continue to this day; I’ve been watching different shows on CNBC from what was announced all this weekend.) Virtually all other channels and networks seem able to do a competent job of making the two almost always identical. Sure there are the very occasional errors, be they clerical errors about the show to be broadcast, or the episode summary. Occasionally, breaking news or other such time-sensitive programming (emergency alerts, last-minute press conferences from authorities, “Town Hall” style meetings with local leaders, etc.) relevant to the station’s or network’s mandate get put in instead of the announced broadcast. But never such that I can even say “but never so flagrantly as what I’ve seen with CNBC’s schedule.”

This weekend, amusing myself, I have been doing some surfing about CNBC. I came across this piece on Wikipedia on the subject of CNBC’s regional programming, particularly here in Canada (June 06, 2010):

http://en.wikipedia.org/wiki/CNBC#International_channels (here’s my archive)

“In Canada, CNBC can be seen with most of the programming identical to the US counterpart. However, due to Canadian programming rights, the 9pm slot which shows television programming such as Deal Or No Deal, The Apprentice, 1 vs. 100 and Heads Up Poker, as well as any and all Olympic Games coverage, are replaced by CNBC World programming. However, documentaries are shown in Canada. This had the making of a major problem, as a highlight episode of The Apprentice 5 that aired April 23, 2006, was assumed to not be available anywhere for Canadians due to these blackouts. While the first airing at 9:00pm ET was blacked out, the second airing at 12:00am ET was accidentally shown. Blackouts on episodes that originally air on NBC and Global are likely to continue. However, occasionally, the television shows are shown and are not blacked out, possibly due to a mistake in transmission.”

This confirms the notion that occasionally there are clerks from either CNBC’s or Shaw’s (a Canadian satellite TV supplier) programming departments who take too many coffee breaks and make mistakes juggling the schedules and differences between the two countries. This happens anywhere and everywhere, and is understandable.

I also don’t have an issue with the notion that there are replacements and substitutions in the programming (see previous paragraph); in any case, c’est la vie.

It also confirms the occasional blackout situation to which I indirectly but not expressly alluded in one of my previous posts when I talk about the flicker at the beginning of some of the programs: Sometimes there are broadcasting rights issues here in Canada, such as:

– the copyright owner does not allow the distribution outside of the US, or within Canada;
– the copyright owner wants an extra fee for broadcasting rights outside the US, or within Canada, which CNBC is unwilling to pay;
– a separate Canadian affiliate of the copyright owner, or another network, or someone else, holds the distribution rights for given shows here in Canada;
– etc.

And except in the cases where another network in Canada holds the distribution rights, maybe CNBC doesn’t want the bother of a new set of negotiations or fees; this is CNBC’s prerogative. Certainly defining the conditions of distribution is the prerogative of the copyright holder(s).

It also indirectly allows for why an announced infomercial such as “Get Ripped in 90 Days” and “Insane Sexy Bodies” is replaced by another show, such as “American Greed” or another one of CNBC’s excellent documentaries on businesses, products, and business people, or investagative reports: The sponsor isn’t interested in selling to Canadian markets (which is their prerogative) or can’t sell their product or service in Canadian markets (let’s say it’s a product that doesn’t meet Canadian Regulatory Standards, or has never been submitted for regulatory review in Canada.)

But so far I haven’t seen anything that explains why the CNBC’s schedule is so out of whack: If CNBC has to modify its broadcast schedule here in Canada for whatever reason, and it seems — let’s presume — that CNBC’s programming department is doing its job right and all broadcast rights are being respected, then why can’t they also send the corrected schedule, which they’ve managed to figure out, to the programming departments of Shaw and other cable companies, and to TV Guide?

I doubt that at 59 minutes and 59 seconds before the hour, as they’re about to put in the next tape, they flip a coin. Or, that a week in advance when they send the schedule to Shaw, other cable companies, and TV Guide, it’s easier to plug in all sorts of programming in the announced schedule that they have no clue whether or not will actually be broadcast, than to just say “Programming To Be Determined”.