My longest standing issue for converting my Dad to Ubuntu was one investing website that uses an ActiveX control. They do have a way for Firefox users though, but it doesn't work on Linux or with wine.

I eventually started trying to get IE4Linux (which uses wine) to get it to work. And it worked fine, except for the flash ads, which make the page unbearable to look at (the entire page flickers when any movement is registered in any flash window).

Now I couldn't just get rid of flash, because they used flash for videos on the site. And I don't have any interest in learning to block things in IE.

The eventual solution: IE4Linux with Moblock (Peerguardian for Linux) to block the IP addresses of Ad servers, so no more annoying flash ads.

The Scientific American is giving special coverage of privacy in its September 2008 issue. Among the articl;es in the issue are the following:

• Whitfield Diffie and Susan Landau: Internet Eavesdropping: A Brave New World of Wiretapping,
• Katherine Albrecht: How RFID Tags Could Be Used to Track Unsuspecting People,
• Simson L. Garfinkel: Data Fusion: The Ups and Downs of All-Encompassing Digital Profiles,
• Daniel J. Solove: Do Social Networks Bring the End of Privacy?, and
• Esther Dyson: How Loss of Privacy May Mean Loss of Security.

If you can, take a look at the print edition. The print edition has some informative graphics that weren't quite duplicated on the Web.

J.D. Abolins

with your HDTV and not paying a dime to a cable or phone company.
It is available in 1080i on digital broadcast TV. My family has actually gone back to broadcast to get it.

What channels can you get (in Cherry Hill, with a really bad antenna)?
Note: Channels 6.* came back to not being flaky and some of the higher numbers are flaky again.

Oh, and Hello Planet Ubuntu!

The Chronicle of Higher Education has an interesting article about Colleges and Universities who have “bent over backward to help the Recording Industry Association of America curb illegal file sharing on his campus” before by passing on “prelitigation settlement letters” and gave over other information in the past. These colleges have found that the RIAA is just asking for more and more information that is overburdening already stretched thin staff. Now that they have realized the amount of effort and staff time they have been spending on this, and have concerns that doing some of these things may actually violate Family Educational Rights and Privacy Act (FERPA), they are finding that past compliance is causing them problems. It is hard to convince a judge that responding to these requests now are an “undo burden” if you have followed through in the past. I guess what surprises me a little about this is how the Universities in the article didn’t consider this early on, before responding to the first request. It is not really surprising that your past actions will be held against you in these types of cases. Once you start bowing down to the RIAA, or any other organization doing this witch hunts, it is hard to break away. Maybe these colleges should have been a little bit more concerned about violating FERPA and having the wrong students accused in the first place. I guess that is the lesson here. If you are ever put in to the situation these colleges were put into first, you need to make sure you think through all of the consequences of how you respond the first time as once you make a decision to comply, it will be very hard to undo that choice.

There has been much tech chatter about Dan Kaminsky's reporting about a major DNS vulnerability. I am not going to rehash all the reporting here. But I do want to mention a few odds and ends observations.

• Dan Kaminsky has some information about the DNS vulnerability, his Defcon presentation, etc. at http://www.doxpara.com/ (IP address:157.22.245.20). The site also has a DNS Checker to see if you Internet connection is particularly vulnerable to DNS mischief. Take a look at his post with "Summaries".
  
• Steve Friedl has "An Illustrated Guide to the Kaminsky DNS Vulnerability". Nice!
• It can be prudent to catalogue the IP addresses of crucial site you use. One way is to use nslookup to find the IP addresses.
• BUT connecting to a server using its IP address is not a 100% guarantee of protection from DNS mischief. If, for example, the server pulls information from other servers using DNS information, the DNS vulnerability could affect this. Mashups could be particularly susceptible to this.
• If you're using Firefox and accessing a site using its IP address instead of the usual URL, you may run into a Secure Connection Failed warning saying something about an "invalid security certificate". This doesn't necessarily mean you've reached a bogus site. See FireFox's support for more information on this.

J.D. Abolins

Clarification NoteAdded 19 Aug 2008:
The mention of noting IP addresses of crucial sites is not the answer to the DNS vulnerability. It is simply mentioned as a helpful thing in general if you're dealing with certain crucial servers. For actual advice on dealing with the DNS vulnerability, follow the links to Dan Kaminisky's site.

Modification on 24 Aug 2008: I applied strikeouts to the observations that are confusing. Although I have a sound basis for those observations, they do look like the main advice given for the DNS vulnerability, rather than peripherial observations for using known IP address as a help for DNS problems in general.  Many aoplogies for the confusion.

Bethel Motor Speedway is a 1/4 mile paved oval track in White Lake, NY built in 1959. The track was previously known as White Lake Speedway, White Lake Raceway, Catskill Mountain Speedway, Kauneonga Speedway, and Sullivan County Speedway. In the past 10 or so years, the track has been closed and opened a number of times. After the 2006 season, the track closed and was eventually sold to new owners. The new ownership team plans to race every Saturday night n august and September with the first race being thi cming Saturday, August 2. I already have plans for the next few Saturdays, but I hope the track does well enough to run regularly again and I do plan on attending at least once this year.

Making Security Easier
Gives you the option of always forcing https for all of your mail.

I have previously posted about memory usage on 7.10. http://gquigs.blogspot.com/2007/12/32-vs-64-bit-memory.html

All tests were done with an Ubuntu LiveCD on the same machine for both 7.10 and 8.04.1. A network card may have changed between 7.10 and 8.04.1. Applications used were Firefox, OpenOffice.org Writer, Rhythmbox, Totem and Gimp. All values copied out of Gnome System Monitor.

Comparing Ubuntu 8.04.1 64 to 32

	32 bit	64 bit	Difference
Initial Boot	154.1	237.6	83.5
With Apps Open	262.7	395.7	133

I used the Phoronix Test Suite to attempt to get an idea of how ram access is changed from 32 bit to 64 bit. I was hoping to find a benefit for using 64 bit. I performed a very small test and did not find the benefit (in fact 64 bit was slighly slower). Results below:
http://global.phoronix-test-suite.com/?k=profile&u=quigs-32083-11560-32025
Note: This was a very very small test.

Comparing 7.10 to 8.04.1, Initial Boot Only

	7.10	8.04.1	Difference
64 bit	146.0	154.1	+8.1
32 bit	212.9	237.6	+24.7

"Hacking & the Law: What Are the Legal Considerations of Tinkering with Software & Hardware?"
Presentation for the Cherry Hill Linux Users Group (CHLUG)
Friday 1 Aug 2008 from 7pm to 9pm
in the Multicultural Room of The Cherry Hill Public Library.
1100 Kings Highway N., Cherry Hill, NJ. [Directions]
The meeting is open to the public.

UPDATE 24 Aug 2008: The slides from the presentation (including updates) are now online. [pdf]

When I offered to speak at a CHLUG meeting, I asked what information security topics they wanted covered. The answer was "Hacking & the Law". Interesting, but it is too vast a topic to cover in 45 minutes. I asked what they meant by "hacking". The CHLUG members explained they were interested in "hacking" as it pertains to tinkering with software and hardware. Since this is a Linux users group, the emphasis would be upon free & open source (F/OSS) concepts. Excellent!

Some of the things I'll cover include

• Quick overview of concepts such as copyrights, fair use, and patents.
• Overview of F/OSS licensing approaches such as GPL ones.
  
• Can F/OSS licensing provisions be enforced by law?
  
• Hardware tinkering issues such as "Tivoization" where a system incorprates F/OSS but the hardware is designed to prevent modification of the code.
• Examination of the issues raised by things such as the DMCA anti-circumvention provisions.
• Issues that can arise when publicising info about our tinkering.
• Suggestions for dealing with these issues.
  

(NOTE: I am not a lawyer and this general presentation is not a substitute for competent legal counsel.)

J.D. Abolins

At the HACDC Hackerspace area.

I'm posting photos and, eventually, videos at my Flcikr collection.
(You can see other Flickr images with the tags "Last HOPE" and "hacker" here.)

A Hacker Scene Anthem?
(Eine Hymne für die Hackerszene?)

A the closing of the Last HOPE conference, the funeral them broke in joyfulness when it was announced that this 2008 conference is not the final one but the last one attended so far. Then, a fellow from Austria added to the happy moment by proposing a hacker anthem: "Surfen Multimedia" done by the Eurocats in 1998. [mp3 link]

English translation of the lyrics:

Suring surfing through the world with multimedia
Suring surfing, day and night
on the data highway

Come join me on the internet tonight
I'm already waiting for you
Dude, be a user, go online
You'll meet me in the email

And should you lack some megabytes
You’ll find them here with me
Be it interface or cyberspace
I'll gladly share with you

With bits and bytes
With mouse and click
We are going on a tour
In the World Wide Web
We'll follow each new hint today

Just the song to listen while "surfen auf der Daten-Autobahn". Sorta like what ABBA might have done had they gotten interested in the Internet.

J.D. Abolins

Over the past few days, I’ve been listening to Tech Therapy. Tech Therapy is a series of podcasts in which “Scott Carlson, a Chronicle reporter, and Warren Arbogast, a technology consultant who works with colleges, talk about the headaches, anxieties, and general problems you might be having with technology on your college campus.” In through the archives, I listened to an interview with William Shell, director of academic technology and computing services at Eastern Michigan University, who asks: “How can a university make faculty members aware of copyright law?” Obvious, copyright is a big issue for libraries, and I really like that the conversation brought in the idea that the IT department partner with librarians who are familiar with, and interested in, copyright and fair use issues. They also brought in some other ideas about how to educate faculty about the issues involved without being seen as “the copyright police.” All of the Tech Therapy podcasts I listened to are interesting, but this one stood out for the librarian in me since they said things like “your best friends [on this issue] are in the library.” Probably not a lot of new information with people who deal with this, but still it was nice to see these non-librarian techies advocating for the librarians on this issue.

I read with interest the call for papers for the 3rd IEEE/ACM International Conference on Information and Communication Technologies and Development (ICTD2009). What caught my eye was the sentence of the conference focus which reads “Well-presented negative results from which generalizable conclusions can be drawn are also sought.” I’d like to see more reporting of well presented negative results at library-related conferences. Sometimes we here about negative results on e-mail lists when some asks the question “Has any tried this?” but very rarely do we have sessions that report on things that didn’t work out at conferences or read them in articles. This leads to different people try their same thing and also failing whereas if the negative results were public they could either decide to go in a different direction, or the can look at what didn’t work in the previous project and figure out a way to modify the approach so it will work.

In a number of different settings, both at work and while talking to librarians from other institutions, the subject of library statistics have come up. While all types of library statistics are always an item for discussion, in particular statistics about the size of various library collections have come up recently. While counts of traditional print materials are troublesome enough, counts of electronic resources are even more of an issue. There are just so many variables that make comparing these counts from library to library very difficult. One library may count a collection of databases as one database, while another may count each individual database separately. This is not to mention that the amount and quality of items in different databases can vary greatly.

One thing that I’ve been thinking about recently with respect to library statistics lately is what do we count that is available electronically? Specifically, should we count things that we provide access to that are freely available on the Web. For instance, if we provide a record for the Code4Lib Journal, or the dLIST (Digital Library of Information Science of Technology) should we count them as a serial or database holding respectively. How about if we add MARC records for freely available government documents from a vendor such as MARCIVE to our catalog? Does each record count as a government document although we didn’t purchase or physically possess the document. I’m not sure how many libraries count these items, but I know from talking to librarians many libraries only count items they directly pay for. I don’t think this is the correct approach. I think, especially with the high quality of many Open Access journals and other documents, the should be counted. If a librarian has taken the time and effort to evaluate a resource or collection of resources and to add it to the collection, I think it should count. Academic libraries no longer are just about physical collections of information, they are about providing access to quality information. Thus, if the library takes even minimal actions to provide access to a resource, it should be included in these counts (flawed as the are).

Apparently I wasn't the only one to notice that Linux had a good marketshare month.
http://blogs.zdnet.com/hardware/?p=2179

Time for another prediction and to check up on my older ones.
I last predicted on February 1st that Linux would displace Windows 2000 6.6 - 9.8 Months from them. We are now at the 6 month point and let's see what would be needed for that prediction to become true.

Currently Windows 2000 is at 2.11% and Linux is at .80%.
Windows 2000 is losing about .10 every month (average 6 months) and Linux is gaining about .03% every month.

Based on that data, it'll be another 10 months until Linux passes 2000. Far from the four more of my original prediction.

To actually make the "6.6 to 9.8" prediction true they would need to reduce the delta between them by .3275% every month.

My first prediction would require Linux to beat Windows 2000 by the end of this year, which would require the delta to shrink by .22 % every month.
I think that is doable, oh right and 1% at least by the end of the year as well (if not sooner)

Through Sunday afternoon (20 July 2008):
http://radio.hope.net/

Right now, I am listening to Steve Ramban, a private investigator who speaks at every HOPE conference, speak about privacy and, moreso, the ways it is disappearing. Fascinating as usual.

In a few days, I'll post links to photos and videos from the Last Hope.

Cheers,
J.D. Abolins

UPDATE (23 July 2008): The streaming radio feed from Last HOPE's Radio Statler is no longer on the air.

Andrew Pace had an interesting post about library Sacred Cow #1: patron privacy. His solution is to provide different levels of privacy to patrons. Basically his approach is having a privacy setting scale similar to what you be familiar in a web browser and let the patrons choose. Personally, I think this would be a great approach. Patrons are wise enough to make there own decisions on this. If a library choose to implement something like this, I think it would be prudent for the library to describe the pros and cons of choosing different settings (and should make the default very protective of privacy).

Many patrons would love to have this choice. On a number of occasions at the reference desk or over the phone a student or faculty member wanted to know what book they checked out a few weeks ago and I couldn’t help them because we didn’t have that information readily available. I have heard from people who work in interlibrary loan at different colleges about patrons wanting similar information about articles they requested in the past. These are just very basic examples. I think it is obvious that if we collected circulation and other information we could provide better service to our patrons, be it recommender systems, customized new book alerts, etc.

The question is, why don’t libraries do this? One reason is that no one has really built tools that can handle this type of system (although with the advent of VuFind, the eXtensible Catalog, and other projects, this is beginning to change). There are, of course, librarians who are, rightly so, worried about privacy. However, if adult patrons are giving an educated choice, this argument is almost a non sequitur to me. In fact, but not providing this choice, it is conceivable that we are opening patrons up for more risks to their privacy as they use other tools and services outside the library that will not be protected by state library privacy laws.

I am concerned about privacy as much as most librarians, but at some point we have to make a decision. If we are going to make information and services available to patrons there is always an offset between privacy and access. The only way we could avoid all possible privacy implications about patrons using our resources is to not make any resources available to them. So, we are already making a sliding scale between access/service and privacy — only we aren’t letting the patron make their own decision. We are making it for them. One thing I believe libraries need to be concerned with is the amount of information available outside of libraries. If we don’t make our quality information easily available, people will go elsewhere. If this happens in large enough numbers, we won’t have to worry about patron privacy, because we won’t have any patrons.

In one of the comments to this post, Roy Tennant mentioned that he is that he is baffled by the reflectance to adopt a solution such as Pace proposes. Roy writes “I think a lot of folks have forgotten the days when there were cards in the book that listed everyone who had checked the book out. Where was privacy then?” This is a good question. Some librarians like to dwell on all of today’s privacy risks while at the same time ignoring what libraries have done long before the turn of the century and the advent of Library 2.0.

Whenever a discussion about Library 2.0 applications come up in a conference session or an an e-mail list, almost invariably someone brings up privacy as a reason not to do this. Recently, I remember reading a blog post, e-mail, or article (sorry, I couldn’t find it anywhere) where someone questioned if the real reason some librarians bring up privacy in because they are afraid or against change. I wouldn’t go that far, but I do think that it may be part of it. I do believe most librarians are legitimately concerned about privacy - however we shouldn’t let this concern be the end-all of our being. We need to find ways to provide these enhanced services while still working to protect privacy of our patrons. I think Pace’s concept could be one tool in our arsenal for doing this.

This afternoon, Dark Reading reports:

Schneier, Team Hack 'Invisibility Cloak' for Files
Researchers break 'deniable file system' steganography feature that conceals the existence of sensitive files from hackers
JULY 16, 2008 | 5:35 PM

By Kelly Jackson Higgins
Senior Editor, Dark Reading

[...]
The researchers were able to get around DFS in versions 5.0 and below of TrueCrypt’s encryption-on-the-fly tool, and will present their findings on the hack at the Usenix HotSec ’08 summit next week in San Jose, Calif.

[...]
Schneier, who has studiedthe viability of the so-called “deniable” file system model in the past, says DFS is actually easier to hack than encryption, and that there may be no way to make files truly undetectable on a drive. “Deniability is a much harder security feature to enable than secrecy,” he says. [...]

The researchers were able to crack DFS without decrypting it. “Breaking the security of a DFS does not require decrypting the data; it only requires proving that (or in some cases simply providing strong evidence that) the encrypted data exists,” according to the report, which was co-authored by Schneier and University of Washington researchers Alexei Czeskis, David St. Hilaire, Karl Koscher, Steven Gribble, and Tadayoshi Kohno.

The researchers found that Windows Vista shortcuts can give away the existence of a hidden file. Vista, which automatically creates shortcuts to files that get used, then stores the shortcuts in the Recent Items folder. And the auto-save feature in Word, meanwhile, saved versions of the hidden files.

[...]
“Modern applications and operating systems are very complicated, and interact with each other in many different ways,” Schneier says. “Hiding the existence of something means controlling all those interactions, which turns out to be a very hard problem.”

Quite interesting. I am looking forward to the presentation whenever it becomes available on the USENIX Conference Proceeding site.

Related reference: Truecrypt's explanation of its Plausible Deniability approach.

UPDATE (17 July 2008):
Bruce Schneier & UW team's research paper "Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications" is now available at
http://www.cs.washington.edu/research/security/truecrypt.pdf
and
http://www.schneier.com/paper-truecrypt-dfs.html

Although Schneier has not yet mentioned the paper on his blog, some comments about Truecrypt and plausible deniability appear under his recent post "Using a File Erasure Tool Considered Suspicious".

I sometimes slip in "deniable plausibility"; it's hard to believe,
J.D. Abolins

I haven’t been able to find a copy of the complaint yet, but Apple has finally sued Psystar Corp over the Mac clones they have been marketing. The articles seem to claim that the lawsuit is based on copyright infringement. I assume they are also saying they are violating the EULA. The copyright issue would, as far as I can tell, apply if Psystar is modifying any non-Open Source code (remember, some of OS X is licensed with a BSD license). It will be interesting to see how far Psystar takes this. In past interviews they claimed that the EULA Apple has is violating U.S. monopoly laws. It would also be interesting to see how far this suit tests the idea of the EULA and if Psystar can somehow test to see if the first sale doctrine when it comes to shrink-wrap software will held up in courts.My guess is that Apple probably has a good chance of winning, or otherwise having this case settled in their favor, this based on the merits (and it doesn’t help Psystar that they have many more resources to fight this case in court). However, I would like to see some of the terms of these more thorughly EULA tested in court. Hopefully I’ll find a copy of the complaint sometime soon so I can actually see what Apple alleges in the complaint instead of some tech-writers interpretation.

Information about the conference at http://www.thelasthope.org
Speaker/ Talks info: http://www.thelasthope.org/talks.php
Conference schedule: http://www.thelasthope.org/matrix/
Discussion site: http://talk.hope.net

Since 1994, the Hackers on Planet Earth (HOPE) conferences have been held in New York City every other year. The HOPE conferences are organised by the folks who publish 2600 - The Hacker Quarterly.

These conferences bring together an interesting variety of people from all over the world, including technology fans, tinkers, academics, cryptography folks, cyber-liberties activists, and, of course, hackers of all kinds as well as people interested in hacker culture.

This year is going to be difficult for time but I hope to make it out for one of the days.

One of the presentations that should be very interesting is Johnny Long's "No Tech Hacking". I've seen him give such a presentation at TechnoForensics 2007 and it's both fun and thought provoking. The no tech aspect is a good eye-opener for people who get so focused upon technical/cyber security issues that they forget the low/no tech gotchas. (Hint for organisations with special security concerns that was conveyed by a couple of the slides: Don't put agency logos on laptops, laptop cases, etc. Advertising might not be your friend. <g>)

HOPEfully,
J.D. Abolins

bryan@homer:~$ dpkg -p flashplugin-nonfree
Package: flashplugin-nonfree
Priority: optional
Section: contrib/web
Installed-Size: 164
Maintainer: Ubuntu MOTU Developers
Architecture: i386
Version: 10.0.1.218+10.0.0.525ubuntu1~hardy1+really9.0.124.0ubuntu2

It's a really long thread of explanation..
https://bugs.launchpad.net/ubuntu/+source/flashplugin-nonfree/+bug/235135

Basically, flash10 and pulseaudio actually get along with Flash10. Firefox on the other hand does not :P. They reverted it out of backports due to this new bug.

The digital transition is coming... and not much changed this month. But I made the spreadsheet and added colors. Yes.. that was a useful.

Look at the colors...

Also, we set up a DTV converter box for one of our analog TVs. Much clearer. Get coupons, and we bought the cheapest one we could find.

I just read an interesting article on CNBC.com that dealt with the issue of non-exempt employees using BlackBerry’s and other electronic devices during after work hours. The article claimed that “Workplace BlackBerry Use May Spur Lawsuits. Basically the premise is that people who use a work supplied BlackBerry after work to do anything related to their job are working and if they are non-exempt they should be paid overtime. I’m exempt so my employer has nothing to worry about, but it is something managers should keep in mind if they are issuing these devices to non-exempt employees. The article suggests having policies in place for after-work usage of BlackBerry’s and also e-mail. It was also suggested that employers either not issue these devices or ask non-exempt employees to leave them at the office.

There was also some interesting stats in the article that I can relate to. According to the article, a survey by Cohesive Knowledge Solutions showed that the “average professional spends 50 minutes a day sending emails after work.” Also a “recent CareerBuilder.com survey, 25 percent of workers said they plan to stay in contact with work during their vacations, and 9 percent said their bosses wanted them to be working or at least checking voicemail and email while on vacation.” I am sure that I am not the only person involved with library technology that can relate to these numbers. Actually, I am surprised that the number was only 9 percent who had bosses who wanted them to check their e-mail on vacation, but I guess the CareerBuilder.com survey probably was based on a broader audience of job seekers.

It is true that new communication technology has made the workplace 24/7. This blurring of the lines between work and play is an interesting phenomenon and I think many of the best systems people in libraries I know truly do lead a blended life. Working and advocating for technology for libraries (esp. those who work on Open Source Software for libraries) is part of their being. I don’t necessarily think this is a bad thing. In fact, I think it can be a good thing (as long as ones boss understands that the effort you put into work outside of work requires some flexibility on their end as well). However, people that lead this blended life need to make sure they make time for their family, friends, and themselves. I personally have been trying to go without checking work e-mail as much on the weekends and after I leave work. It is hard because it will only take a minute or two. Of course, then you see some e-mails that will only take you a minute or two to get off your to do list, and then all of a sudden, you have easily used up the reported 50 minutes a day outside of work checking e-mails.

I think in order to make this all work and not become over-consuming is good time management skills. I think this is even more so with tenure-track (and other) positions that require publications and/or presentations. While there are thousands of time management books out there, the one I recommend is Time Management for System Administrators by Tom Limoncelli. What I like about Limoncelli’s book that I haven’t seen in the other books I have browsed it is is geared towards people with jobs that require constant interruption (think “The printer is broken!”). I also like that he doesn’t just talk about time management at work. His book discusses how to manage your personal time as well as your professional time. For someone with a blended work/personal life this is a good, and possibly only, approach. One example of how he does this is suggest that if there is a chore that you have to do all of the time that you don’t particularly enjoy and it can be outsourced at a reasonable rate and quality, you should do so. For example, if you hate doing laundry, why don’t you pay the local laundromat that offers full service to do it for you. Sure it costs more than if you did it yourself, but your time is valuable. You could be getting paid to hack code for more than it would cost you to pay someone to do laundry. As I said laundry is just an example, maybe for you it is cleaning your house or mowing your lawn, or any number of other things. Another gem in his book is the calendaring and to-do list management. I really can’t do his system justice in this short blog post, but I will say that his approach can work with a PDA or a PAA (a Personal Analog Assistant - i.e. a daily planner notebook) and you should purchase the book or take it of your local library and give it a try. It really isn’t that complicated (if it was, it wouldn’t work) but I have found it effective. The basica premise with the to-do list is to have manual intervention every day on your tasks. If they get automatically moved by your calendering software, you’ll never get to them. The other part is to make sure you don’t get these long endless lists. As I said read the book to learn how he does it.

While in France (report on the conference coming soon) I was using my trusty little digital camera to take photos until my 2 GB SD card filled up. At this point, I decided to delete a number of photos that I already loaded onto my computer that I forgot to delete previously. Unfortunately, a wombat jumped on my camera and selected “Delete All” on me [1]. Well, the first thing I did once I noticed this was to chase the wombat away. After that, I took the card out of the camera and put it somewhere for safe keeping. It is important, esp. on a full disk, not to write to the disk until after you recover the images or you mat lose some of them. Upon returning to the USA, I needed to figure out a way to recover these files. The camera, look must computing devices, basically just deletes the pointer to the files. The files are still there, just with no name or location information. Knowing I wasn’t the first person ever to have this problem, I looked on the Internet for solutions. What I found was PhotoRec. PhotoRec, available as GPL licensed Open Source software is:

file data recovery software designed to recover lost files including video, documents and archives from Hard Disks and CDRom and lost pictures (thus, its ‘Photo Recovery’ name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media’s filesystem has been severely damaged or re-formatted.

PhotoRec is a command line utility and there are binaries for Windows, Linux, OS2, and Mac OS X on their web site. I’m sure there are other programs out there - maybe even ones with a pretty graphic interface — but this did what I wanted so I didn’t try anything else. The first thing I had to do was install PhotoRec (it was in the Ubuntu repository, so that was easy). After installing it, I made an image of the SD disk using dd. The actual command I used to do this on my Ubuntu install was:

sudo dd if=/dev/sdb1 of=image.dd

after that, I basically followed the step-by-step directions on the PhotoRec Wiki. Worked like a charm and I got all my photos back. Well, all of them except the one I tried to get of the wombat that caused all of my files to be deleted in the first place.

[1] I don’t know what a wombat was doing in France, but this is my story and I’m sticking to it. After all, I would never accidentally delete any files by myself.

The newest issue of Binghamton University Libraries’ LibraryLinks newsletter is out. Check it out if you want to read about BUL. On page 10, there is a brief “Meet Edward Corrado, Head of Library Technology” write-up by Caryl Ward,

You can't buy a part of the radio spectrum in the United States. You can't even lease a part of it from the government for a fixed amount of time—say 15 years. No, if you want to use the radio spectrum, you must lease part of it for an indefinite amount of time; you get to use it until the government says you can't anymore. For example, Congress recently confiscated and auctioned off spectrum belonging to serveral TV stations.

Imagine if you could only buy normal property for an indefinite amount of time. That book you just bought could be taken away tomorrow; so could your house. You'd live in perpetual fear of losing your property, and you'd probably try to persuade the government not to take it. If the government was a rational one, you'd hire the best sophists to persuade them of your need. If the government was a venal one, you'd bribe them outright. Economists call regulatory capture the idea that the people most affected by a regulation are the people who will work the hardest to influence the regulators in their favor. Congress has been captured.

Instead of blaming the wireless industry for corrupting Congress, or blaming Congress for becoming corrupted, I demand that Congress sell or lease radio spectrum with definite guarantees. Spectrum buyers should know what they can do with their property and for how long they can do it, and they should know this in advance. There is no other simple way to free Congress from bondage to the wireless industry.

[Tags: economics, politics]

The way I read it, it isn’t a 100% done deal, but it appears Venezuela’s National Library is going to migrate to Koha. Big news for people in the Koha camp I would say! Here is the press release:

Venezuela’s National Library evaluated, decided to deploy
the Koha Integrated Library System
========================================

On the first half of 2008, Venezuela’s National Library
(BNV) evaluated the Koha ILS and other FLOSS-based
ILSs, together with a proprietary ILS, and decided to
deploy Koha in two phases for the Library’s catalogue,
which includes more than two million records, and the
National Public Library System.

The evaluation was made by the Information Technology
Office, and starting February 2008, three independent
Koha consultants were asked for technical help in order
to evaluate Koha strengths and shortcomings, and
possible development/improvement plans, as well as an
important migration plan from the legacy NOTIS system.
Circulation, acquisitions and patrons weren’t regarded
as critical modules of the ILS, while Cataloguing,
Authorities and Serials were given special attention.

Ailé Filippi and Mariana González, licensed librarians,
deployed a full Koha demonstration and worked for
two months with the BNV librarians in order to establish
the desired functionality level. BNV librarians wanted a
new input system for MARC records which allow them
to manually input all fields and subfields, and a very
particular notation for holdings which allows to specify
the specific Public Library where the item is held.

On the other hand, José Miguel Parrella Romero, an
IT consultant, worked with BNV’s IT Office in order
to recommend and install the latest Koha3 snapshot,
and configured a working proof of concept using Zebra
for more than 70 thousand simulated records. BNV
staff export data from NOTIS and use a proprietary
tool to convert those records to an ISIS database, so
it was necessary to write a computer program which
migrates those records to MARC.

While the project is currently waiting for further actions,
Fernando Báez, BNVs General Manager, and Sergio Teijero,
IT Consultant for BNV, have exposed BNV intentions to
fully deploy the Koha ILS in short term, migrating over
2 million records and providing access to thousands of
Public Libraries and users around the World who would
like to access BNV catalogue information using Koha3
OPAC, while renewing BNV’s IT platform.

I just posted the slides for the presentation I did with Heather L. Moulaison at the Sixth International Conference on Cultural Attitudes Towards Technology and Communication (CATaC) 2008 on my scholarly activities Web page. Emma Tonkin also co-authored the paper in the proceedings but unfortunately she couldn’t join us in France. I’ll write up a review of the conference in the next week or so. However, I will say at this point it was a fun conference with a lot of interesting people to meet. The citation for our presentation is:

Moulaison, Heather Lea, Emma Tonkin, & Edward M. Corrado (2008, June 27). Linking communities of practice online. Sixth International Conference on Cultural Attitudes Towards Technology and Communication (CATaC) 2008. Université de Nîme Nîmes, France.

The URL is: http://ecorrado.us/scholarly/catac2008/.

Sign my pledge

"I will Vote Third Party for President If Telecom Immunity Passes Into Law but only if 100,000 other registered voters will do the same."

I simplified it, cause it apparently had confused me. Thanks to David Harding for his suggestions.

While surfing Amazon.com, you discover your favorite living author will publish a new book in a couple months. At this moment, if you were me, the pressure to click the pre-order button will strain your fiscal restraint. You don't need the book in hardcover; you don't feel like spending $20 on a book that might suck; but you don't want to forget about it, and you'd really like to read the book the same week all your friends do.

You might have an alternative to the pre-order button. My local library pre-orders books itself. As soon they order the book, they enter it into their catalogue—making it available to request. I currently have the first request for By Schism Rent Asunder by David Weber (due out July 22nd) and Zoe's Tale by John Scalzi (August 19). I can forget about these books until the library calls and says they're ready. What a deal!

Other people know about this technique, but not too many. I requested Harry Potter book 4 from the library a month before it was released and there were 12 people ahead of me in the queue. Happily, the library system ordered more than 12 copies, so I got to read a copy the Tuesday after the Saturday official release.

I keep hoping that, by some fluke, the library might get a book and lend it to me before the official release date. This hasn't happened to me—yet—and even if it did, it would only be the icing on top of a very delicious cake.

[Tags: books, sfbook, scalzi, bio]

It's time to try a little bit of an honest assessment in my statistics gathering (Eh, honesty and statistics are overrated).
The simple fact of the matter is that if Linux had gained market-share like Vista did this year, I would absolutely call this the "Year of the Linux Desktop"
Vista gained 10% market-share this year, reaching 16%. Linux almost doubled it's market share going from .47% to .80%.

For all of how bad we have heard Vista is 16% or so of the world appears to be using it. Linux is still vying to beat Windows 2000 and the PPC Mac OS.

Windows XP		71.20%
Windows Vista		16.14%
MacIntel		5.25%
Mac OS		2.69%
Windows 2000		2.11%
Linux		0.80%
Windows NT		0.69%

However if you look at the total Windows / Mac / Linux stats it paints a slightly different picture..

Month	Windows	Mac	Linux
May, 2008	91.13%	7.83%	0.68%
June, 2008	90.89%	7.94%	0.80%

This is Linux's biggest monthly increase (+.12%) I can see going back to 2006. We gained more total market-share then either the total of Windows or Mac (although we lost to versions, Vista and MacIntel). We might not be able to claim this year as the year Linux freed the computing desktop.
Month of the Linux Desktop sounds like a good stepping stone though.

*All Statistics from Net Applications, http://marketshare.hitslink.com

ICQ just broke support for pidgin in Ubuntu. There’s a thread about it here, the patch is here. If you don’t want to apt-get source, apply the patch, and build it, you have the following option: if you are on Hardy, x86, and trust me a lot, I have the packages built here. I’ll leave them up until the update gets released, or my server goes down.

JoeTerranova.net

On 30 June 1908, something hit the Earth's atmosphere and resulted in the biggest space impact of modern times. It occurred over Tunguska in Siberia. If the event had occured over, say, London, it could have been a gigantic tragedy instead of scientific curiosity. Quite a close call.

• BBC story "Fire in the sky: Tunguska at 100"
• Scientific American on "Tunguska Mystery 100 Years Later"
• Rian.ru story "Тунгусский метеорит: факты и гипотезы" (Tunguska meteorite: facts and hypotheses,)
• English translation of the above story via Google Translate.
• Wikipedia on the Tanguska Event.
• 1908 Siberian Explosion (includes some paintings of how the event might have appeared.)

Thinking about a "blast from the past",
J.D. Abolins

I propose this petition, called the True Change Petition (please think of a cooler name as well as your normal comments)

If the FISA bill with retroactive immunity for telecoms passes into Law I hereby agree that all those who voted for it will not get my vote in the 2008 November election for House or Senate.

This specifically includes those running for the office of President. Furthermore as Presidential nominee is a leadership position, if it passes even if the presidential candidate votes against it, I will not vote for them in the Presidential 2008 November election.

I agree to do this if this petition collects 10 Million signatures. This way if we all must vote for a third party candidate because of the above oath we are acting with enough votes to matter.
~Bryan Quigley

(Please make suggestions for modifications as well as a good real site to put this on)

Yesterday, The Guardian had an essay by Bruce Schneier on "CCTV doesn't keep us safe, yet the cameras are everywhere." (The essay is also posted on his blog along with readers' comments.)

No big surprises in the essay. It does, however, provide a good overview of some of the CCTV (closed circuit television) surveillance benefits-cost issues and offer links for further information, including UK Home Office's 2005 study "Assessing the impact of CCTV". Schneier is not against all uses of CCTVs. He does exhort people to examine where their benefits are worth costs (including non-material ones).

Is CCTV equivalent to 204TV?
J.D. Abolins

I am pretty bummed out to here that Scott Kalitta died in crash at Englishtown. Although I don’t follow drag racing closely, I always like the Kalitta’s (probably because his cousin Doug Kalitta was a USAC Sprint champion in 1994used to race on oval tracks. R.I.P.

I came across two wiretapping items in the past 24 hours.

1. Happy 40^th Birthday for the US Wiretap Act

The US "Wiretap Act" (18 U.S.C. 119 - Wire and Electronic ommunications Interception and Interception of Oral Communications) is now 40 years old! It, along with the rest of the Omnibus Crime Control and Safe Streets Act, was enacted on 19 June 1968.

Many thanks to Orin Kerr for mentioning this in his post today on the Volokh Conspiracy.

2. DIY Wiretapping & Counter-measures

IT Security site has an article about Do-It-Yourself wiretapping and how to counter it. A good overview of some relatively inexpensive methods to tap into phones and some ways to detect certain taps. (Those methods are not likely to detect sophisticated taps.)

One thing the article mentioned that was new to me was that Toy's R Us sells a telephone bug kit from Elenco Electronics. The kit's product description says:

Listen in on telephone conversations in your home with this build it your self telephone bug. Its compact size (about the size of a dime) allows it to fit into most telephone handsets. Easy to install and fun to build. No battery are required. Complete with training course. Soldering is required.

While I am in favour of kids learning about science and technology with hands on projects, the telephone bug kit and some other "spy toys" remind me a bit of a scene from George Orwell's 1984 where Mr. Parsons tells Winston Smith about the Spies, a youth group serving Big Brother:

"[...] That's a first-rate training they give them in the Spies nowadays -- better than in my day, even. What d'you think's the latest thing they've served them out with? Ear trumpets for listening through keyholes! My little girl brought one home the other night -- tried it out on our sitting-room door, and reckoned she could hear twice as much as with her ear to the hole. Of course it's only a toy, mind you. Still, gives 'em the right idea, eh?"

Hmmm....

"I hear you..."
J.D. Abolins

If you can keep your CoC when all about you

Are losing theirs and blaming it on you,

If you can trust your package when all men doubt you

But make allowance for their doubting too,

If you can wait for Debian and not be tired by waiting,

Or being lied about by pundits, don't deal in lies,

Or being hated, don't give way to Gentoo hating,

And yet don't look too good, nor talk too wise:

If you can dream—and not make Brainstorm your master,

If you can think—and not make Specifications your aim;

If you can meet with Triumph and Disaster

And treat those two impostors just the same;

If you can bear to hear the truth you've spoken

Twisted by trolls to make a trap for fools,

Or watch the things you gave your life to, broken,

And stoop and build 'em up with worn-out coreutils:

If you can make one heap of all your winnings

And risk it all on one turn of apt-get install,

And lose, and start again at your beginnings

And never breath a word about your dpkg --force-all;

If you can force your heart and nerve and sinew

To serve your turn long after you've got RSI,

And so hold on when there is nothing in you

Except the Will which says to them: "never say die!"

If you can talk with crowds and keep your virtue,

Or walk with SABDFL—nor lose the common touch,

If neither foes nor Debian Developers can hurt you;

If all men count with you, but none too much,

If you can fill the unforgiving minute

With sixty seconds' worth of distance run,

Yours is the Earth and everything that's in it,

And—which is more—you'll be an Ubuntu Member, chosen one!

---

My sincerest apologies to the shade of Rudyard Kipling, author of the original poem.

[Tags: parody, ubuntu, kipling, debian, quotes]

I previously predicted
"Firefox 3, 1% marketshare before release"

According to NetApplications , it got pretty close (.96%)

Last week, The Register and The Times reported that Russian president Dmitry Medvedev has been seeking to make the Internet more Russian language friendly. (By the way, The Register mentioned Live Journal in its article.<wink>)

Reuters reported President Medvedev saying:

"We must do everything we can to make sure that we achieve in the future a Cyrillic Internet domain name -- it is a pretty serious thing."
[...]
"It is a symbol of the importance of the Russian language and Cyrillic and it is not a bad sphere of cooperation. And I think we have a rather high chance of achieving such a decision in the Internet world."

Medvedev claims that more than 300 million people worldwide use Russian media and the access to Russian language sites without having to enter Latin alphabet domain names would make it easier for them.

Currently, Russian domains generally have the .ru top level domain (TLD). With the future possible Cryllic domain names, it is very like the TLD will be .рф (Cyrillic of .rf for Росси́йская Федера́ция - Russian Federation) instead of .ру (Cryllic of .ru). A major problem with the Cyrillic .ру TLD is it Paraguay's Latin-character code .py.

So, if the proposal gets implemented, Russians looking for the Kremlin's Web site could type in the URL Кремль.рф instead of kremlin.ru.

Meanwhile, ICANN has been working on setting up "internationalized domain names" (IDNs) that would allow the use of non-Latin characters in domain names.

Overall, I welcome the ability to have non-Latin character domain names. One concern I have, however, is the possibility for mishaps or mischief via "lookalike" domain names across different character sets.

I already mentioned the confusion that could occur with a Russian .ру domain and a Paraguayan .py domain. Many Cyrillic characters look like Latin ones. On a machine level, such as hexadecimal or binary, the differences are quite evident. One security help may be a browser add-in that indicates what character set(s) appear in the URL and for what country is the TLD associated.

J.D. Abolins

Last night, I saw Adam Sandler's movie "You Don't Mess with the Zohan".The comedy was hilarious at many points but rude, crude, and literally "cheeky" at other points. (It has some scenes not for the prudish nor for children.) Not a great movie but I got enough good laughs to be satisfied.

Rather than going into a detailed review of the film, I figure I can do more good by giving a glossary for some of the Arabic (A), Hebrew (H), and Yiddish(Y) words & references I recollect from the movie.

• Abba (H) - Father, Daddy
• Boker tov (H) - Good morning.
• Fattoush (A) - A Middle Eastern salad. (One of the characters turns out to have been named Fattoush. I wonder if the joke was that it sounded like "fat tush" or that it was akin to a US tough guy named "tatter salad". Maybe both.<g>)
• Feygeleh (Y) - "Little bird", often slang reference to a male homosexual.
• Imma / Eemma (pronounced like "ee-mah"] (H) - Mother, Mum
• ShabaH / (A) - Phantom. "The Phantom" character often wore a maroonish headband with the word written in Arabic: شبح
  [Note below on movie head gear texts.]
  
• Sharmuta (A) - Slang for "whore" or "skank". The expletive was uttered by one of the hair stylists as she was hanging up the phone. (The word has also been picked by Israeli Hebrew slang.)

If you recollect any other Arabic or Hebrew words from the Zohan movie that I missed, let me know.

ADDITION & UPDATES (as of 26 June2008)

Transliteration note: I use an upper case "H" to represent the "ح" in Arabic. There isn't an equivalent sound in English. It is an emphatic "h" sound that some describe as the sound you might make if you just swallowed something really hot or spicy.

• Sheket (H) - Quiet; shut up.
• Arabic numbers as in reciting a phone number. One of the gags involved a character giving a phone number in Arabic. The way he says them is what's funny independent of knowing exactly what he said. (I'm not going to give away the joke itself.) Anyway, here are the numbers 0 through 9 in Arabic:
  
• 0. Sifr (By the way, we get the word "cipher" from this word.)
  1. WaaHid
  2. Ithnaan
  3. Thalaatha
  4. 'Arba'a
  5. Khamsa
  6. Sitta
  7. Sab'aa
  8. Tamaaniya
  9. Tis'aa

"Don't Mess with the Yonatan,"
Jonathan "J.D." Abolins

PS.: The cleverest headgear text gag I ever saw was on the "Blazing Saddles" movie poster. It depicted Mel Brooks wearing a Sioux chief's war bonnet and the beadwork said "כשר לפסח" ( Kasher LePesach" "kosher for Passover" in Hebrew).

Things I noticed based on options for preinstalled OSes:


Dell

• Stops selling Windows XP preinstalled on June 18th to make the June 30th deadline.
• Currently ships Ubuntu computers with 7.10.
• replaces Windows XP with more Ubuntu options after the July 3rd 8.04.1 release?
• Their website still doesn't work properly with Adobe Flash and Firefox on Ubuntu.
  

System76

• Sells all Desktops and Laptops with 8.04 64-bit edition (only)
  

You are my one true love

You knock on my door when I'm lonely

You bring me gifts for no occasion

You always know exactly what I want

And I don't want you to stop

Will you marry me, Dan-the-UPS-man?

[Tags: funny]

Curious to know what is available already on the digital television airways? So am I.
So I took our HDTV on cable and hooked it up to some bunny ears. A few settings changed and a scan later and it was working.
I compiled a list of available channels and put them in a spreadsheet:
View Online
Or Download ODS

I plan to try to do another scan every month or so, and update the spreadsheet (which you can subscribe to if you really want).

Note: Those that were "flaky" most likely due to my bad hook up job. On analog all stations were quite fuzzy.

I had mentioned Security & Privacy Day @ Stony Brook University in an earlier post and I attended the conference. The slides from most of the presentation are now online on the event's speaker schedule.

A chart from the paper "Spot me if you can: recovering spoken phrases in encrypted VoIP conversations" linked from Prof. Monrose's home page. The chart shows the overlap of Hungarian with some other languages.

One of the more interesting (to me) sessions was "Information Leakage in Encrypted Network Traffic" by Fabian Monrose of Johns Hopkins University. The presentation showed how variable bit rate (VBR) compression in VoIP carries over some hints of the audio wave forms before compression. The packet sizes vary in some resemblance of the wave forms and, from the packet sizes, it is possible to get clues about the encoded communications. It is possible to have a good go at identifying the language spoken in the VoIP communications and, in some cases, spot certain phrases. Interestingly, spoken Hungarian (Magyar) can look like Arabic, Czech, Turkish, and several other languages in the VBR analysis. Monrose said that some linguists are looking into why.

Unfortunately, the slides from this talk are not on the Security & Privacy Day 2008 site. But you can lean about the VoIP VBR analysis from Prof. Monrose's home page. Look under the papers for Encrypted Traffic.

Speaking of professors' home pages and their papers, I was checking out the home page for Prof. Rebecca Wright of Rutgers University. She was scheduled to speak on "Incentives for honestly announcing paths in BGP" but, instead, spoke on network privacy and some ways to maintain soem privacy in the course of data mining. Prof. Wright's home page has links useful for people learning about the mathematics of cryptography and application of cryptography. (The emphasis is heavy on the maths; not the place if you are merely looking to learn day-to-day practical applications, such as how to use GnuPG.) Besides her papers, check out out the syllabi for her courses if you are trying to get an idea of how to study the underlying workings of modern cryptography.

J.D. Abolins

It is not often that local short tracks get a nice article in “main stream” newspapers, let alone big city papers like the New York Times. However, that is what happened for New Egypt Speedway today. The article, At Small Tracks, High Fuel Prices Put Racers in a Pinch is really more about the effects of the high price of fuel on the racers than the actual racing itself, but still an interesting read.

How the Free versus Proprietary Software conflict frames our culture and ultimately government.

This is the first large political science paper I've written (20 Pages). I do plan on releasing the final copy under CC licensing, or maybe make it a wiki page.

It is currently available as HTML, PDF, and ODT if you would like to try to read it.

Please criticize, suggest, comment, etc. I am looking for feedback. Thanks.

The possibility appears to exists that Firefox 3 might reach 1% market share before it is officially releases.
My blog reports exactly 50/50 between Firefox 2 and 3.
Other more mainstream sources are reporting as high as .50% for Firefox 3 from last month.

Firefox 3 might already have reached 1%, and we will find out on June 1st.

United States Senator (Choose 1)
Links to more information
Note: VoteSmart is pretty cool, check it out

• Cresitello
  
  • Wikipedia
  • CresitelloForUSSenate.com
  • VoteSmart
    
• Lautenberg
  
  • Wikipedia
  • LautenbergForNJ.com
  • VoteSmart
    
• Andrews
  
  • Wikipedia
  • RobAndrewsForChange.com
  • VoteSmart
    

Member of the NJ House of Representatives (Choose 1)

• Adler
  
  • Wikipedia
  • AdlerForCongress.com
    
  • VoteSmart
    

Yes, he is running unchallenged for the Democratic seat. His record is pretty good in my book.

Members of the Board of Chosen Freeolders (Choose 2)
Both Democratic and Republic candidates are covered in