Better now!

As soon as my laptop came back from repairs, I started to feel better - being back with 1920x1200 resolution is great! NVidia is much more stable than ATi and Intel wireless is just great!

And then last weekend I was in Berlin for the FFII board meeting and used the opportunity to see the city with my girlfriend. I must say that there is a lot of interesting things to see in Berlin.The things I would recommend everyone are: go to the Zoo (5-7 hours of superb fun), then take bus 100 to Alexander Platz (driving by all the main landmarks), go up on the TV tower, then come down and sometime late in the night go to 'Weekend' dance club.

The Zoo is fantastic - most of the time there are no walls between you and the animals, only deep pits. Most animals can be seen both in their outdoor spaces and in their indoor places. The park is a bit maze like, but the best thing is that you can just keep on walking and you will always have something interesting to look at. Wherever there is a underwater bit, there is a glass plate that allows you to look underwater. It looks almost like huge TV sets. When a family of hippos swims by a long wall of glass, the effect fantastic. And so is the whole zoo.

Going to the 'Weekend' club was another interesting experience. We found out of the club from Wikitravel and went there around 22:30. The place was barely warming up. We easily found the big office building with red "SHARP" ad on top just off the Alexander Platz, but it was fully dark and quiet with no signs about the club, so we looked for people. At one of the entrances there were a couple people with a table that took 5€ from us and waved us inside to the elevators. When elevators came, they had two guys inside that did not ask us anything, but just shot us up to the 15th floor, we followed the small stream of people and came to a wooden roof-top terrace with lots of place to sit, to chat, to drink and a very long bar with lots of staff ready to make us a drink. And there was music - great quality soft disco music that was quiet enough so that people could relax and talk freely. You could see the street below, but not a sound from this roof-top chill-out reached the street level - that is one great way to make a club. We also checked out the small dance room on the 15th floor, but did not stay around for long enough to see the main area on the 12th floor. Again, the sound system was perfect - they were rolling dance music on vinyl and I could really hear the difference in the depth of sound and appreciate how the female DJ mixed the tracks seamlessly. We were a bit surprised by the number of gay people in the club, both male and female. It is very rare to see that in Latvia because of the still prevalent prejudice, unfortunately.

We also went to a great place serving South African food and we ate some ostrich and gnu meat which was cooked flawlessly. It was a place of a slightly higher level than we normally eat, but it was totally worth it.

1, 2, 3, can this month soon over be ... ?

Personal-life rant follows after a break.

At the beginning of this month life was great, then it all went went downhill.

First my cat is gone. He came home sick, he did not eat, slept a lot and he puked several times. After reading all kinds of articles on the net, I convinced myself that it is not as bad as it looks as there was no sign of blood in the vomit or any other symptoms. So when he demanded to be let outside, I let him out thinking that fresh air and possibly some kind of grass might make him better. And if not, I would bring him to the vet in the morning (it was Sunday). I went out to see how he was every hour. I found him the first three times, but since then I have not seen him anymore. And noone else has. We asked the neighbors, put out flyers, browsed the shelters. Nothing. Thinking back, he most likely had eaten some kind of poison or something that caused a hard bowel obstruction. Those things often are fatal even with surgical intervention. Two weeks have gone now. I am still hoping, but it is wearing very thin.

After that, last week my laptop broke down - power adapter failed and video card developed bad VRAM. Luckily I still have warranty, so it is sent in for repair. But still I am without my laptop for a week already and I am not sure how much longer Dell service will take. It was almost two weeks last time. Now I am stuck either using eeePC 701 with Debian or borrowing my girlfriends laptop while she sleeps or is out of the home.

The on Sunday a final blow came - my bicycle and my girlfriends brand new bicycle were stolen. In broad daylight, in the center of Riga someone cut a very thick hardened steel cable and took our bikes. We called police and filed the report, but the hope here is rather dim as well. We will only be able to afford spending on new (or used) bikes around spring now. Now we are reading all kinds of stuff about bicycle theft prevention that we did not know before. The only positive is that it brings us together almost as much as riding those bikes brought us closer together over the last month, since my girlfriend bought hers.

I think this is the most depressed state that I have ever been in.

I hope that my laptop comes back from the repair soon and that will end this dark streak in my life.

WoWHead client for Linux

This is highly unofficial, but if you want to upload your World of Warcraft statistics to WoWHead in Linux, then you might be able to do so by using the following script. You will need curl and wget installed.


#Path to WoW
WOW="/home/user/games/World of Warcraft"
#User name on WoWHead
#MD5sum of your WoWHead password
#You MAC address (without separators, lower case)
#WoW account name
#WoW Locale

# Ignoring the update info for now, just downloading it all
wget -q -O /dev/null
rm -rf "$WOW/Interface/Addons/+Wowhead_Looter"
mkdir -p "$WOW/Interface/Addons/+Wowhead_Looter"
wget -q -O "$WOW/Interface/Addons/+Wowhead_Looter/Wowhead_Looter.lua"
wget -q -O "$WOW/Interface/Addons/+Wowhead_Looter/+Wowhead_Looter.toc"
wget -q -O "$WOW/Interface/Addons/+Wowhead_Looter/Wowhead_Looter.xml"
wget -q -O "$WOW/Interface/Addons/+Wowhead_Looter/Localization.lua"

# Ignoring authentification errors. This should return "0" on a sucessful login.
wget -nv "$USER&password=$PASS&macAddress=$MAC" -O /dev/null

# Uploading all data
TMPDIR=`mktemp -d`
cp "$WOW/wtf/Account/$ACC/SavedVariables/+Wowhead_Looter.lua" .
cp "$WOW/Cache/wdb/$LOCALE/creaturecache.wdb" .
cp "$WOW/Cache/wdb/$LOCALE/gameobjectcache.wdb" .
cp "$WOW/Cache/wdb/$LOCALE/itemcache.wdb" .
cp "$WOW/Cache/wdb/$LOCALE/pagetextcache.wdb" .
cp "$WOW/Cache/wdb/$LOCALE/questcache.wdb" .
gzip *
curl -F "file0=@+Wowhead_Looter.lua.gz" -F "file1=@creaturecache.wdb.gz" -F "file2=@gameobjectcache.wdb.gz" -F "file3=@itemcache.wdb.gz" -F "file4=@pagetextcache.wdb.gz" -F "file5=@questcache.wdb.gz" "$USER&password=$PASS&macAddress=$MAC"
rm -rf $TMDIR

To get MD5sum of your password use this:

echo -n "password" | md5sum

Firefox 3.0 download record

Download Day

Please help set a world record of most downloads in 24 hours by downloading a copy of Firefox 3.0 in the next 24 hours starting at 18:00 GMT today. Download yourself and get all your friends to do so as well. Only one download per computer is counted towards the record. More info on the record attempt.

Firefox 3.0 Download record countdown timers.

P.S. The SpreadFirefox web page is down at the moment. Overloaded less than 2 hours before the go time.

RIP Tim Russert

"Thou shalt not whine" was written under his desk. I just discovered him recently and was presently surprised by his directness in questioning politicians and challenging them to explain things that they have said before. Like a Howard Stern of politics. Not shy to respectfully question the existing assumptions, but (unlike Howard) still remaining neutral and not drawing conclusions himself. He will be missed.

P.S. I do however feel the NBC could have included some other news in the Nightly News of the day as well. Dropping everything and just covering one man seams a bit excessive to me.

Not going to Debconf8

With the cost of plane tickets approaching 2000 USD it is rather hard to sell me going to the Debconf 8 as that can be approximated as 3-4 months of my income. I did apply for travel sponsorship, but due to some kind of brainfart I misread "Amount I am unable to fund myself" as "Amount I am able to fund myself" and thus asked for far less money than I actually need. Therefore, after the Debconf team strictly stated that the requested amount can not be changed at this point, it has become clear that I cann't come to Debconf 8.


I would still love to come if there was sponsorship money to cover my fare and even suggested putting me to the end of the sponsorship priority list, but apparently that is not happening. Have fun, and see you all in Spain in 2009.

Saturday Night what?

After catching a glimpse of John McCain on Saturday Night Live (SNL) I decided to watch a full show to see if is good enough to add to my daily US news lineup (which currently consists of The Daily Show, The Colbert Report and NBC Daily News).

From the very start the comedy level is pathetic with fake laughter gushing out over something that is apparently was supposed to be funny. Combined with the pretense of "smart comedy" that says - "If you don't laugh when we laugh, you just don't get it." which is pure old brainwashing aimed to make people stop thinking. Very far from anything I would call good TV.

BIG INTRO WITH BIG VOICE. Useless Americanisms. And then Steve Carell does the most stupid and idiotic '6 RedBulls' routine that I've ever seen. Are the writers still on strike? "There can be only one Democratic nominee" was a bit better, bit still rather simplistic. "Deal or no deal" was an even dumber one. "Two assholes do karaoke" actually was even worse. "Japanese Office" was nothing but a cheap pun of the *American* version of the Office with a few Japanese words. I think it went on for 5 minutes, which was 4 minutes and 55 seconds too long for something of such horrible production value. Another John McCain appearance, while misreading the teleprompter (not on purpose), was actually the highlight of the show.

That shows two things: John McCain is so desperate that he feels it is acceptable to appear on such a low quality show and that SNL is overrated - even a politician can do a better job at comedy then the SNL staff.

That Usher guy song was on the same level as the jokes of the show, so no hard done there.

News were almost ok. Not nearly as good as The Daily Show, but better then the rest of the show. Not a single item was chosen to make people think, just the opposite. "FitTV" bit was .. well .. pointless. So was CPR bit. And the 'Bless this child' bit.

In summary, I've never seen a more pointless and badly made show. That thing could pass for good in 60s or maybe even 70s, but to consider that show good nowadays in any country with reasonably developed TV would be just insanely dumb.

Fastforward to January 21st 2009 ...

"... Today is the first day in office for President Barack Obama ... In other news, Hillary Clinton is still on the campaign trail and is not giving up ..." - best ever joke about the current US election. I think it was from The Daily Show, but I cannot be certain.

Too similar to be different

Eric, I cann't claim to 100% understand the situation but after glancing trough the logs of the discussions and of the patches the conclusion I came to was this - OpenSSL used supposed randomness of the uninitialized memory as an added source of entropy (interesting hack, but not an example of good coding as such). Valgring caught that problem and the Debian maintainer during a cleanup fixed it. Making such a fix can be considered a preventive step against possible attack vectors by poisoning the uninitialized memory. He took it up to upstream, they did not raise red flags, but did not quite merge the 'clean up' patch either. It fell through the cracks.

The problem is that in the same file, in another function all other sources of entropy were being merged into the pool of randomness using exactly the same code line as the one code line flagged by Valgrind. The maintainer assumed that the second code line has a similar function to the first and commented that one as well. AFAIK that also did not show up in the emails to the upstream list.

So we have:

  • Upstream using clever hacks that rely on uninitialized memory having some randomness to it

  • Upstream using same code and same variable names to describe different things

  • Upstream having no comments in the code explaining the two things above

  • Maintainer slightly over-generalizing a change

  • A bug slipping trough the cracks in the review processes

  • Another Debian Developer discovering the bug and recognizing its significance despite all of the above

  • Debian project coming out and admitting all of the above and scrambling to get fixes out to its users ASAP

I am impressed by the swift action of the people involved in fixing this. And while I think everyone can find some lesson be learned here, I think this is another good example of free software in action. And I hope that in the aftermath of this we will find ways to prevent this from happening in the future without stifling our progress.

Kriptogrāfiskā šmuce (SVARĪGI!)

Īsumā - visas pēdējos divos gados uz Debian sistēmām (ieskaitot Ubuntu, Knoppix, ...) ģenerētās SSH atslēgas, SSH serveru sertifikāti, SSL sertifikāti, x509 sertifikāti, OpenVPN atslēgas un DNSSEC atslēgas ir uzskatāmas par nedrošām. Nekavējoties atjaunojiet libssl-dev, libssl0.9.8-dbg, openssl un libssl0.9.8 pakas uz jaunākajām versijām un uzģenerējat jaunas atslēgas.



  • Serveru administrātoru darāmais:

    • sudo apt-get update && sudo apt-get upgrade

  • Servera SSH atslēgas pārģenerācija:
    sudo rm /etc/ssh/ssh_host*
    sudo dpkg-reconfigure openssh-server

  • Lietotāju atslēgu dzēšana:sudo rm /home/*/.ssh/authorized_keys

  • Informēt SSH lietotājus par nepieciešamību atjaunot viņu sistēmas un tikai tad uzģenerēt jaunu atslēgu un augšupielādēt to

  • Dabūt jaunu SSL sertifikātu HTTPS darbībai

  • Uzlikt jaunās 'open*-blacklist' pakas, kas neļaus pieslēgties izmantojot nedrošas atslēgas