Links

Ben Laurie blathering

30 Sep 2007

Lamb and Apricot Stew

Filed under: Recipes — Ben @ 12:32

I’ve toyed around with this recipe for some time but I think my most recent effort was my best. As usual, you’re on your own with quantities.

Dried apricots
Raisins
Onion
Olive oil
Lean lamb steak
Cinammon stick(s)
Cloves
Salt
Pepper

Put the dried apricots in just enough water to cover and soak for a while. Slice the onion into thin rings, fry until slightly brown in olive oil. Towards the end, add a cinammon stick or two and some cloves, stir and fry for a minute or so. Cube the lamb steak and add it, stirring and frying over a high heat until browned all over. Season with salt and pepper during this. Add the water from the dried apricots, and some extra water if needed to cover the lamb. Bring to a simmer, cover and let it cook for a while – say 30 minutes. Keep an eye on the water – its OK if it gets a bit thick, but you don’t want it to dry out. Stir occasionally. Then add the soaked apricots and some raisins. These should be in generous proportion to the lamb, the idea is to produce something that’s really quite sweet. Simmer for another 30 minutes or so, until the lamb is tender, stirring and topping up as needed.

Serve with rice or cous cous (I made saffron rice this time) and a vegetable (I did one of my favourites – stir-fried purple sprouting broccoli with ginger and soy).

I’m wondering if I added some other flavouring, like wine or stock, but I don’t remember doing it. Probably doesn’t need it – the apricots/raisins/spices are quite intense. This is also one of those dishes that would work really well prepared a day in advance and reheated. Certainly the leftovers were delicious.

I was planning to add orange zest towards the end, but I forgot. Still, a variant worth trying, I think.

29 Sep 2007

More on Cardspace and Passport, or, A Day in the Life of an Open Source Developer

Filed under: Identity Management,Open Source,Programming — Ben @ 19:02

Dale Olds is surprised. It seems mean to leave him in this state, though it seems somewhat ironic that an open source project should be choosing a thoroughly closed phone as a prize. So closed you can’t even install closed source add-ons. I’d rather have an N95, to be honest.

So, the first thing I should say is that I used the word “consumer” rather ill-advisedly. I blame OAuth, which I have been working on recently – it uses “consumer” for one of the roles in the protocol, so the word is on my mind. What I should have said was that there are few relying parties for OpenID of any significance (at least that are prepared to rely on anyone but themselves).

But OK, that aside, let’s see if I can win this phone! First off, Dale says I should read a press release. Yep, OK, Novell want us to be more aware of information cards. They also want us to know that we can do the whole thing with open source. This is, of course, fantastic. So, let’s have at it.

First off, I’m sent to the “Bandit Cards” home page. Apparently I can win an iPhone by merely getting hold of a Bandit Card – I’ll be entered into a draw. Hmm, shame, means I’m relying on luck and not my ‘4337 h4x0r sk1llz. OK, so I follow the link to create an account.

Bandit Create Account Page

OK, so let’s download one of those things.

Bandit Download Page

Hmm. No FreeBSD there, but that’s OK, this is open source. Surely I can build it. After a bit of poking around, I find a download page, from which I can retrieve a source RPM. Now, FreeBSD doesn’t understand RPMs out of the box, but it seems there’s a converter, so one quick portinstall rpm2cpio and a little bit of futzing later and I should be good to go…

[ben@euphrates ~/software/unpacked/digitalme-0.3.846]
$ ./configure
cmake: not found

Not come across cmake before, but FreeBSD’s ports system is at hand, as usual, and happily installs it for me. There, sadly, the fun appears to end:

-- Release DigitalMe build.
CMake Error: Command "/usr/local/bin/svn info /home/ben/software/unpacked/digitalme-0.3.846" failed with output:
svn: '/home/ben/software/unpacked/digitalme-0.3.846' is not a working copy

Well, quite so, it is not a working copy, because it is an RPM! However, a bit of poking suggests that this error is not as fatal as it seems – though a later error is

-- Unable to find GLIB_CONFIG_INCLUDE_DIR
-- Could not find GLib
-- Gnome Keyring not found.
CMake Error: Unable to find a secret store provider.
-- Configuring done

Is it just me, or is this rather misleading? The configuration appears to have failed, since there are no Makefiles, but it completes as if all was well. In any case, this is beginning to get a bit painful, but once more, after a bit of futzing (in CMakeModules/FindGLib.cmake and CMakeModules/FindGnomeKeyring.cmake) I manage to get it to find Glib and Gnome Keyring and we move on to the next problem

-- Looking for GTK2 ...
-- Unable to find GTK2_gdk_CONFIG_INCLUDE_DIR
CMake Error: Could not find GTK2
-- Configuring done

I’m beginning to get the hang of this – dealt with in seconds. And finally the ./configure completes without error. But still no Makefiles. Yet more poking suggests that I really should be running

./configure --debug-output

if I really want to know what’s going on. And what’s going on is this:

The end of a CMakeLists file was reached with an IF statement that was not closed properly.
Within the directory: /home/ben/software/unpacked/digitalme-0.3.846
The arguments are: NOT ${Subversion_svn_info_result} EQUAL 0
-- Configuring done

Nice. An error you only find out about if debugging is on. OK, so this exhausts my cmake-fu. Can’t figure out how to fix this one. But I am not daunted – I do what every open source developer would do – go to the bleeding edge

svn co https://forgesvn1.novell.com/svn/bandit/trunk

The code I’ve been playing with lives in the iss subdirectory. And yes! After some editing of the cmake configuration, this actually generates Makefiles! Yes! (Once I’ve sorted out the usual irritation of svn checking out into a directory called “trunk”, that is). Not that it builds – I get a ton of errors on a make. Turns out there’s a header with platform info in, and FreeBSD is not configured – although I hate the GNU configure system, this kind of stuff makes me appreciate it! More hackery and I have some kind of configuration set up for FreeBSD. Then its just a matter of build, fix, build, rinse, wash, repeat until the compile completes. Which it does, eventually.

So I am now the proud possessor of a binary called digitalme. Now what, I wonder? I guess that’s tomorrow’s job, because now I have to cook.

For the truly geeky, here’s the diff:


Index: ftk/include/ftk.h
===================================================================
--- ftk/include/ftk.h (revision 960)
+++ ftk/include/ftk.h (working copy)
@@ -41,6 +41,7 @@
#undef FTK_SPARC
#undef FTK_SPARC_PLUS
#undef FTK_X86
+ #undef FTK_FREEBSD
#undef FTK_BIG_ENDIAN
#undef FTK_STRICT_ALIGNMENT
#undef FTK_GNUC
@@ -134,6 +135,11 @@
#else
#error Platform architecture not supported
#endif
+ #elif defined(__FreeBSD__)
+ #define FTK_FREEBSD
+ #define FTK_UNIX
+ #define FTK_OSTYPE_STR "FreeBSD"
+ #define FTK_X86
#elif defined( sun)
#define FTK_SOLARIS
#define FTK_OSTYPE_STR "Solaris"
@@ -410,7 +416,9 @@
#elif defined( FTK_UNIX)
#if defined( FTK_GNUC)
#define FTKAPI
- #define FTKEXP __attribute__ ((visibility("default")))
+// BEN: this causes a million warnings, so removing pending clearer understanding
+// #define FTKEXP __attribute__ ((visibility("default")))
+ #define FTKEXP
#else
#define FTKAPI
#define FTKEXP
Index: ftk/src/ftkunix.cpp
===================================================================
--- ftk/src/ftkunix.cpp (revision 960)
+++ ftk/src/ftkunix.cpp (working copy)
@@ -428,6 +428,13 @@
{
return( f_mapPlatformError( errno, NE_FTK_FLUSHING_FILE));
}
+
+#elif defined(FTK_FREEBSD)
+
+ if( fsync( m_fd) != 0)
+ {
+ return( f_mapPlatformError( errno, NE_FTK_FLUSHING_FILE));
+ }

#else

Index: ftk/src/ftkxpath.cpp
===================================================================
--- ftk/src/ftkxpath.cpp (revision 960)
+++ ftk/src/ftkxpath.cpp (working copy)
@@ -1889,7 +1889,7 @@
break;
}

-#if defined ( FTK_LINUX) || defined ( FTK_NLM) || defined( FTK_OSX)
+#if defined ( FTK_LINUX) || defined ( FTK_NLM) || defined( FTK_OSX) || defined ( FTK_FREEBSD)
if( ui64Num > ((0xFFFFFFFFFFFFFFFFULL / 10) + (uChar - FTK_UNICODE_0)))
#else
if( ui64Num > ((0xFFFFFFFFFFFFFFFF / 10) + (uChar - FTK_UNICODE_0)))
Index: CMakeModules/FindOpenSSL.cmake
===================================================================
--- CMakeModules/FindOpenSSL.cmake (revision 960)
+++ CMakeModules/FindOpenSSL.cmake (working copy)
@@ -23,19 +23,27 @@

# Locate OpenSSL files

+# BEN: Kludge in local version of 0.9.8 - FreeBSD uses 0.9.7, which
+# doesn't actually work - so this file should not check for 0.9.7.
+# Surely there's some way to do this without hacking this file?
+
if( NOT OPENSSL_FOUND)

find_path( OPENSSL_INCLUDE_DIR ssl.h
- PATHS /usr/include
+ PATHS /home/ben/work/openssl-0.9.8/include
+ /usr/include
/usr/local/include
PATH_SUFFIXES openssl
NO_DEFAULT_PATH
)
+# remove the trailing "openssl" (this is not a kludge, it is needed)
+ STRING( REGEX REPLACE "/openssl$" "" OPENSSL_INCLUDE_DIR "${OPENSSL_INCLUDE_DIR}")
MARK_AS_ADVANCED( OPENSSL_INCLUDE_DIR)

find_library( SSL_LIBRARY
NAMES ssl.0.9.8 ssl.0.9.7 ssl
- PATHS /usr/lib
+ PATHS /home/ben/work/openssl-0.9.8
+ /usr/lib
/usr/local/lib
NO_DEFAULT_PATH
)
@@ -43,7 +51,8 @@

find_library( CRYPTO_LIBRARY
NAMES crypto.0.9.8 crypto.0.9.7 crypto
- PATHS /usr/lib
+ PATHS /home/ben/work/openssl-0.9.8
+ /usr/lib
/usr/local/lib
NO_DEFAULT_PATH
)
Index: CMakeModules/FindGTK2.cmake
===================================================================
--- CMakeModules/FindGTK2.cmake (revision 960)
+++ CMakeModules/FindGTK2.cmake (working copy)
@@ -71,6 +71,7 @@
/usr/local/include
/usr/lib
PATH_SUFFIXES gtk-2.0/include
+ gtk-2.0
NO_DEFAULT_PATH
)
mark_as_advanced( GTK2_gdk_CONFIG_INCLUDE_DIR)
Index: CMakeModules/FindGLib.cmake
===================================================================
--- CMakeModules/FindGLib.cmake (revision 960)
+++ CMakeModules/FindGLib.cmake (working copy)
@@ -28,7 +28,8 @@
find_path( GLIB_INCLUDE_DIR glib.h
PATHS /opt/gtk/include
/opt/gnome/include
- /usr/include
+ /usr/include
+ /usr/local/include
PATH_SUFFIXES glib-2.0
NO_DEFAULT_PATH
)
@@ -41,7 +42,9 @@
/opt/gnome/lib
/usr/include
/usr/lib
+ /usr/local/include
PATH_SUFFIXES /glib-2.0/include
+ /glib-2.0
NO_DEFAULT_PATH
)
MARK_AS_ADVANCED( GLIB_CONFIG_INCLUDE_DIR)
Index: CMakeModules/FindGnomeKeyring.cmake
===================================================================
--- CMakeModules/FindGnomeKeyring.cmake (revision 960)
+++ CMakeModules/FindGnomeKeyring.cmake (working copy)
@@ -34,6 +34,7 @@
GNOME_KEYRING_INCLUDE_DIR gnome-keyring.h
PATHS /usr/include
/opt/gnome/include
+ /usr/local/include
PATH_SUFFIXES gnome-keyring-1
NO_DEFAULT_PATH
)

28 Sep 2007

Has Cardspace Become Passport?

I reviewed an article about identity management the other day. It got me thinking about what is really used out there, and what for?

People like to hail OpenID as a huge success, but as far as I can see its popularity is entirely on the provider side. There are no consumers of note.

Similarly, Cardspace appears to live in its own little world, supported only by Microsoft products.

Funnily enough, the only thing that seems to really be used much is SAML, widely used in enterprise SSO and in Shibboleth.

So why does this make Cardspace like Passport? Well, the fear with Passport was that Microsoft would control all your identity. The end result was that Microsoft was the only serious consumer of Passport. When Cardspace is deployed such that all providers and consumers of identity are really the same entity, then all its alleged privacy advantages evaporate. As I have pointed out many times before, when consumers and providers collude, nothing is secret in Cardspace (and all other standard signature-based schemes). So, there’s no practical difference between Cardspace and Passport right now.

(Sorry, no links today, I’m in a hurry)

26 Sep 2007

Bacula!

Filed under: General,Open Source — Ben @ 9:44

While I was out of the country (of course) my backup machine died, with a flaky root filesystem. I’d been expecting this to happen since the disk had been showing errors for some time, so I already had a new disk ready to replace it. I’ve used Amanda for backups for so long I can’t remember when I started, but lately both The Bunker and FreeBMD have started using Bacula, so I decided to give it a go.

This turned out to be a great idea! Here’s a few reasons why:

  • Works with Vista – Yes, my kids both have Vista machines. I’d completely failed to get them working with Amanda, which needs to be able to see their disks via SMB. In contrast, Bacula runs an agent on each machine.
  • Can span tapes – Amanda can’t deal with a backup that is bigger than a tape. Bacula has no issue with that at all. Obviously with Amanda this means you can’t safely have a filesystem larger than your tape, or you have to jump through some pretty large hoops. With Bacula I can have filesystems any size I want.
  • Uses tapes efficiently – perhaps arguable, this one. Amanda kinda heuristically tries to fill the tapes, so you get full backups as often as is possible, and in any case always uses a full tape each day. Bacula instead uses a rigid full/incremental schedule (as defined by you). This means you probably get full backups less often, but uses far less tape, since Bacula is quite happy to append to the tape until it is full. So far I’ve been running about 2 weeks and have used 3.5 tapes, as opposed to Amanda’s 14.
  • You can see what is going on! – Bacula has an interactive utility that shows what it is up to. This is very useful when setting up, especially since you can schedule individual backup runs to happen right now instead of their scheduled time.

Add to that the fact that from having nothing installed (not even an OS) to having Bacula running only took me a few hours, and most of that was waiting for things to install, thanks to FreeBSD and their ports system.

That said, there is one thing I’m not superkeen about with Bacula: its has a pretty arcane configuration system. I’m sure there are reasons for the strange way it is subdivided, but they are not apparent to me.

21 Sep 2007

Marketing Doublespeak From TomTom

Filed under: General,Motorbikes,Rants — Ben @ 6:15

I’m having a bit of a run-in with TomTom at the moment. The details are boring, but the short version is I bought a second device, for the car, registered it at their site, and as a result de-registered my existing GPS and associated the add-ons I’d bought for it with the new one. This would be OK except that they are now refusing to let me change it back!

If I want to escalate my complaint about this, here’s what I have to do. What you have to love about this is

TomTom wants to do the following:

  • Make it easy for you to raise your feedback

If you are not satisfied with any aspect of our service or products, tell us about your concerns by writing us a letter.

Our address is:

TomTom Sales BV
Customer Support – Customer Relations Department
Rembrandtplein 35
1017 CT Amsterdam
The Netherlands

Isn’t that awesome? We want to make it easy, so schlep down to your post office and figure out international postage – that’s so much better than this new-fangled email thing.

Of course, they don’t really want to make it easy – then they might have to investigate some minor complaints, and that would be a waste of their fine minds. They want me to be seriously pissed off before I bother them. And I am, but, thanks to the blogosphere, I can take my complaint to the people that matter: their customers.

13 Sep 2007

ShmooCon ’08: Call For Papers

Filed under: Security — Ben @ 11:27

This year I’m co-chair of the program committee for ShmooCon. So, it is my solemn duty to inform all y’all that the CFP is up.

Come and tell us something interesting!

12 Sep 2007

Thoughtcrime Gets One Step Closer

Filed under: Civil Liberties,Rants,Security — Ben @ 16:39

EU Justice and Security Commissioner Franco Frattini joins the ranks of the terminally deluded

I do intend to carry out a clear exploring exercise with the private sector … on how it is possible to use technology to prevent people from using or searching dangerous words like bomb, kill, genocide or terrorism

Do you, indeed? Of course, this is going to make a huge difference: Hitler would never have killed all those Jews if we’d managed to stop him Googling for “genocide”, after all, so I can totally see your reasoning here.

I really like that he wants to stop us even using these words. When will they be struck out of dictionaries? And all the books they appear in?

Hmm, if we can’t say “genocide” does that mean that we’ll all be forced to deny the Holocaust? Isn’t that actually a crime in some EU countries?

11 Sep 2007

Google Open Source Jam

Filed under: Open Source — Ben @ 13:07

Once more Google is holding the fun-filled London Open Source Jam, on the 4th of October. For a change, I am in the country, so I am planning to be there. So should you. Or somewhere else.

The subject is Web. But who cares what the subject is? There’s free beer. Free pizza. Free software. And cool people.

10 Sep 2007

Breaking News: Hi Tech is Cool

Filed under: General — Ben @ 22:27

I was just stoking the steam engine that pumps our well, when the town crier mentioned this story. I was struck by the quote

It reveals that older media such as TV, radio and even DVDs are being abandoned in favour of more modern technology.

Go figure. And they said the spinning jenny would never catch on!

6 Sep 2007

Tor Goes Mainstream!

Filed under: Crypto,Open Source,Security — Ben @ 18:32

I got a spam today

Do you trade files online? Then they will come after you. If the RIAA
finds you they will come after you. Tor eliminates the trail that leads
to you. Get this software now and stay safe: http://xx.yy.zz.ww/

This leads to a fake Tor page inviting you to download … who knows what? Something bad I haven’t bothered to analyse yet.

But the interesting point is this: if Tor is worth targetting for your Trojans, then Tor has entered popular culture. Which rocks.

Powered by WordPress